zeitgeist team mailing list archive

Thread
Date

Re: [Merge] lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist

To: mp+42943@xxxxxxxxxxxxxxxxxx
From: Mikkel Kamstrup Erlandsen <mikkel.kamstrup@xxxxxxxxx>
Date: Tue, 07 Dec 2010 14:20:08 -0000
In-reply-to: <20101207140136.3854.11839.launchpad@loganberry.canonical.com>
Reply-to: mp+42943@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

I believe we use the current approach because the 'correct' one fails with
thousands of ids in the arguments
On Dec 7, 2010 3:01 PM, "Seif Lotfy" <seif@xxxxxxxxx> wrote:
> Seif Lotfy has proposed merging lp:~seif/zeitgeist/use-new-placeholders
into lp:zeitgeist.
>
> Requested reviews:
> Zeitgeist Framework Team (zeitgeist)
>
>
> The SQLite docs say:
> ---
> You shouldn’t assemble your query using Python’s string operations because
doing so is insecure; it makes your program vulnerable to an SQL injection
attack.
>
> Instead, use the DB-API’s parameter substitution. Put ? as a placeholder
wherever you want to use a value, and then provide a tuple of values as the
second argument to the cursor’s execute() method.
> ---
> This branch fixes it.
> --
>
https://code.launchpad.net/~seif/zeitgeist/use-new-placeholders/+merge/42943
> Your team Zeitgeist Framework Team is requested to review the proposed
merge of lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist.

-- 
https://code.launchpad.net/~seif/zeitgeist/use-new-placeholders/+merge/42943
Your team Zeitgeist Framework Team is requested to review the proposed merge of lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist.

Follow ups

Re: [Merge] lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist
From: Siegfried Gevatter, 2010-12-07

References

[Merge] lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist
From: Seif Lotfy, 2010-12-07