[python] hash, mysql

Tomáš Drenčák tomas at drencak.com
Thursday March 19 22:09:56 CET 2009


Originally it was:
 "SELECT * FROM users WHERE name='root' AND password=%s" % password
and it needs to be run as:
cursor.execute("SELECT * FROM users WHERE name='root' AND password=%s", (password,))

DB API uses %s as placeholders instead of ?

2009/3/19 Dan Pressl <nu.frix at gmail.com>:
> I don't want to nitpick, but instead of:
>
> %s
>
> shouldn't it rather be:
>
> ?
>
> so that SQL Injection can't happen so easily?
>
> 2009/3/19  <Calis.martin at seznam.cz>:
>> Hello, I'm having problems working with the SQL server:
>>
>> the server returns this error to me:
>> ProgrammingError: (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'\xa1A\x91k\xc7\xde\x17M\xe0j\xec\xc2\xf1(,iq|\x839;&\x17\xc4\xc1\xcc\x04\x93\x0e\xc81R\xf5UB&\xd1\xaf\xb4P"\' at line 1')
>>
>>
>> when interpreting:  "SELECT * FROM users WHERE name='root' AND password=%s" % password
>>
>
>
> --
> ^nu.friX
> aka Dan Pressl
> Reality is useless & F4Q DMNC!!!
> Every syntax creates code. And code is poetry.
> _______________________________________________
> Python mailing list
> Python at py.cz
> http://www.py.cz/mailman/listinfo/python
>
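
Added example, not part of the original thread: the difference between interpolating a raw hash into the SQL text and passing it as a bound parameter, and why the marker (`%s` or `?`) depends on the driver's `paramstyle`. It assumes the standard-library `sqlite3` as an offline stand-in for MySQLdb; `SAMPLE_DIGEST` is a constructed value and all function names are hypothetical.

```python
import sqlite3

# Constructed sample: a raw digest-like byte string containing quote characters.
SAMPLE_DIGEST = b"\xa1A\x91k'\x17M\"(,iq|"

# PEP 249 paramstyle -> bind marker (sqlite3 is "qmark", MySQLdb is "format").
MARKERS = {"qmark": "?", "format": "%s"}


def placeholder(driver):
    """Return the bind marker the given DB API module expects."""
    return MARKERS[driver.paramstyle]


def make_db():
    """In-memory table holding one user whose password is a binary digest."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password BLOB)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("root", SAMPLE_DIGEST))
    return conn


def lookup_interpolated(conn, digest):
    """Pattern from the original post: the value becomes part of the SQL text."""
    text = digest.decode("latin-1")  # mimic a Python 2 byte string in the query
    query = "SELECT name FROM users WHERE name='root' AND password=%s" % text
    try:
        return conn.execute(query).fetchall()
    except sqlite3.Error as exc:
        # The SQL parser trips over the stray bytes, like MySQL's error 1064.
        return exc


def lookup_bound(conn, digest):
    """The value travels separately from the statement, so no quoting is needed."""
    query = ("SELECT name FROM users WHERE name='root' AND password="
             + placeholder(sqlite3))
    return conn.execute(query, (digest,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("interpolated:", repr(lookup_interpolated(conn, SAMPLE_DIGEST)))
    print("bound:       ", lookup_bound(conn, SAMPLE_DIGEST))
```

Only the marker is built into the statement in `lookup_bound`; the digest itself never passes through string formatting.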

