MySQLdb injection support
Hello,
I cannot figure out how I should set up language injection so that my "%s" variables do not break the MySQL expression. I use the MySQLdb connector.
For example:
cursor.execute('SELECT `group_id` FROM `groups` WHERE team_id=%s', (1,))
%s is an error!
Or maybe you can advise some alternative to MySQLdb that can easily replace it?
I decided to migrate to oursql for now. The syntax is almost the same (but there is no autocommit method on the connection). It supports question mark notation... Anyway, I would love to see this bug get fixed in future versions.
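An added example, not code from this thread or from either driver: a small converter (the name format_to_qmark is hypothetical) that rewrites MySQLdb-style %s placeholders into the question mark notation mentioned above, so values stay bound as parameters after such a migration. The standard-library sqlite3 module stands in for a question-mark driver so that it runs offline, and the table rows are constructed.

```python
import sqlite3

def format_to_qmark(sql):
    """Rewrite DB-API 'format' placeholders (%s) to 'qmark' placeholders (?)."""
    out, quote, i = [], None, 0
    while i < len(sql):
        ch, pair = sql[i], sql[i:i + 2]
        if pair == "%%":                       # '%%' is a literal percent in format style
            out.append("%"); i += 2; continue
        if quote:
            if ch == "\\" and quote != "`" and i + 1 < len(sql):
                out.append(pair); i += 2; continue   # backslash escape in a string literal
            if ch == "%":
                # A placeholder inside quotes means the value was being spliced into a
                # literal; refuse to convert instead of guessing what was meant.
                raise ValueError("placeholder inside quoted text at offset %d" % i)
            if ch == quote:
                quote = None                   # closing quote (a doubled quote reopens next)
        elif ch in "'\"`":
            quote = ch                         # entering a literal or backtick identifier
        elif ch == "%":
            if pair != "%s":
                raise ValueError("unsupported format code at offset %d" % i)
            out.append("?"); i += 2; continue
        out.append(ch); i += 1
    if quote:
        raise ValueError("unterminated quoted text")
    return "".join(out)

# Query from the post, in MySQLdb's %s notation.
MYSQLDB_QUERY = "SELECT `group_id` FROM `groups` WHERE team_id=%s"

def demo():
    """Run the converted query against constructed rows (sqlite3 as a stand-in)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE `groups` (group_id INTEGER, team_id INTEGER)")
    conn.executemany("INSERT INTO `groups` VALUES (?, ?)",
                     [(10, 1), (11, 1), (20, 2)])
    sql = format_to_qmark(MYSQLDB_QUERY)
    run = lambda value: sorted(r[0] for r in conn.execute(sql, (value,)))
    # The second call binds a hostile string as data; it matches no row.
    return sql, run(1), run("1 OR 1=1")

if __name__ == "__main__":
    print(demo())
```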