comp.lang.python archive
Re: 'ascii' codec can't encode character u'\u2013'
From: John J. Lee <jjl@pobox.com>
Date: Fri Sep 30 2005 - 22:07:56 CEST
Date: Fri Sep 30 2005 - 22:07:56 CEST
deelan <ggg@zzz.it> writes:
[...]
> query = "UPDATE blogs_news SET text = %s WHERE id=%s"
> cursor.execute(query, (text_extrated, id))
>
> so mysqldb will take care to quote text_extrated automatically. this
> may not not your problem, but it's considered "good style" when dealing
> with dbs.
[...]
More than just good style: it prevents SQL injection attacks that
could otherwise allow people to do bad things to your databases.
John
Received on Sat Oct 15 04:01:05 2005