[SQLObject] Recommended method for string replacement.
SQLObject is a Python ORM.
Brought to you by:
ianbicking,
phd
Menu
▾
▴
[SQLObject] Recommended method for string replacement.
|
From: Jorge G. <go...@ie...> - 2005-10-13 23:02:45
|
Hi!
What is the recommended way to pass strings to be replaced by SQLObject? For
exemplo:
segmento = Segmento.select("descricao ILIKE ('toxicologia')")
could become:
segmento = Segmento.select("descricao ILIKE (%s)" % 'toxicologia')
or:
segmento = Segmento.select("descricao ILIKE (%s)" % ('toxicologia'))
I'm trying to avoid having to check the string to prevent some kind of SQL
injection... But none of the above work, my RDBMS receives an unquoted
string and then bails out with an error.
--
Jorge Godoy <go...@ie...>
|