From: Ian Bicking <ianb@co...> - 2004-04-23 20:33:31
> To what degree does SQLObject or SQLBuilder prevent SQL injection attacks? I
> will be accepting user input that may contain ('),("), or (;). Do I need to
> filter this in my app or does it 'just work'?
SQLBuilder handles it, or if you generate your own SQL you can use
self.sqlrepr() to do the necessary quoting (like "some_column = %s" %