
zeitgeist team mailing list archive

Re: [Merge] lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist

 

I believe we use the current approach because the 'correct' one fails with
thousands of ids in the arguments.
On Dec 7, 2010 3:01 PM, "Seif Lotfy" <seif@xxxxxxxxx> wrote:
> Seif Lotfy has proposed merging lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist.
>
> Requested reviews:
> Zeitgeist Framework Team (zeitgeist)
>
>
> The SQLite docs say:
> ---
> You shouldn’t assemble your query using Python’s string operations because doing so is insecure; it makes your program vulnerable to an SQL injection attack.
>
> Instead, use the DB-API’s parameter substitution. Put ? as a placeholder wherever you want to use a value, and then provide a tuple of values as the second argument to the cursor’s execute() method.
> ---
> This branch fixes it.
> --
> https://code.launchpad.net/~seif/zeitgeist/use-new-placeholders/+merge/42943
> Your team Zeitgeist Framework Team is requested to review the proposed merge of lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist.

-- 
https://code.launchpad.net/~seif/zeitgeist/use-new-placeholders/+merge/42943
Your team Zeitgeist Framework Team is requested to review the proposed merge of lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist.
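
One way to keep the ? placeholders from the quoted SQLite docs while still passing thousands of ids, as an added example that is not code from the Zeitgeist branch or from either poster. It assumes the failure with many ids comes from SQLite's per-statement cap on bound variables (SQLITE_MAX_VARIABLE_NUMBER); the table name, column names, chunk size and sample rows are hypothetical and constructed for the example.

```python
import sqlite3

# Assumption: stay well under SQLite's per-statement bound-variable limit
# (SQLITE_MAX_VARIABLE_NUMBER; 999 by default in older builds).
CHUNK_SIZE = 500


def fetch_events_by_ids(conn, ids, chunk_size=CHUNK_SIZE):
    """Return rows for the given ids using only bound parameters.

    The SQL text contains nothing but "?" placeholders; the ids are never
    formatted into the statement, so a hostile value cannot change the
    structure of the query.
    """
    ids = list(ids)
    rows = []
    for start in range(0, len(ids), chunk_size):
        chunk = ids[start:start + chunk_size]
        placeholders = ",".join("?" * len(chunk))
        # Only the placeholder count varies between chunks; "event" and its
        # columns are hypothetical names used for this example.
        sql = "SELECT id, subject FROM event WHERE id IN (%s)" % placeholders
        rows.extend(conn.execute(sql, chunk).fetchall())
    return rows


def build_demo_db(n=5000):
    """Create an in-memory database holding n constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (id INTEGER PRIMARY KEY, subject TEXT)")
    conn.executemany(
        "INSERT INTO event (id, subject) VALUES (?, ?)",
        ((i, "file:///tmp/doc-%d" % i) for i in range(1, n + 1)),
    )
    return conn


if __name__ == "__main__":
    conn = build_demo_db()
    wanted = range(1, 4001)  # thousands of ids, the case raised in the reply
    print(len(fetch_events_by_ids(conn, wanted)))
    # A string that would rewrite a concatenated query is only a
    # non-matching value when it is bound as a parameter.
    print(fetch_events_by_ids(conn, ["1 OR 1=1"]))
```
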


