Programming Forums - View Single Post - Emulating Behaviour Of "mysql_real_escape_string"

Arevos · Nov 28th, 2007, 4:06 PM

You can stop SQL injections by using parameters, e.g:

cursor.execute("SELECT * FROM users WHERE login = '%s' AND passwd = '%s'", (login, passwd))

Nov 28th, 2007, 4:06 PM	#2
Arevos Programming Guru Join Date: Aug 2005 Location: England Posts: 1,499 Rep Power: 5	Re: Emulating Behaviour Of "mysql_real_escape_string" You can stop SQL injections by using parameters, e.g: (Toggle Plain Text) cursor.execute("SELECT * FROM users WHERE login = '%s' AND passwd = '%s'", (login, passwd)) cursor.execute("SELECT * FROM users WHERE login = '%s' AND passwd = '%s'", (login, passwd))