Re: Checking each item in m.group()?
- From: miller.paul.w@xxxxxxxxx
- Date: Mon, 2 Jun 2008 14:24:21 -0700 (PDT)
On Jun 2, 5:06 pm, Peter Otten <__pete...@xxxxxx> wrote:
> You are taking the wrong approach here.
>
> Don't build SQL statements as strings; you are enabling the next SQL
> injection attack. Pass parameters using the DB API instead.
>
> Don't use regular expressions to parse a CSV file. Python's csv module is
> more likely to deal correctly with the quirks of that standard.

I'd like to second both these statements. Regardless of whether these
CSV files are from a trusted source or not, it's a virtual truism of
programming that eventually, any application will be used in ways it
was not intended. Since using a parameterized query is a simple way
to avoid a common security hole, even if such a thing could never be
exploited by the app in its current configuration, you should do
things the Right Way. That way, even if your code is twisted to some
other use in the future, it's less likely to cause problems.
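
The two recommendations above combined, as an added example that is not part of the original post: the csv module parses the file and the DB API binds each value as a parameter. The table, column names and sample rows are constructed for illustration, and sqlite3 stands in for whichever DB API driver is actually in use.

```python
import csv
import io
import sqlite3

# Constructed sample input: a quoted field with an embedded comma, a doubled
# quote, and a field containing SQL metacharacters.
SAMPLE_CSV = (
    'name,comment\n'
    '"Smith, John","said ""hi"""\n'
    "Robert'); DROP TABLE people;--,plain\n"
)

EXPECTED_HEADER = ["name", "comment"]  # assumed layout for this example


def load_rows(csv_text, conn):
    """Parse CSV text with the csv module and insert rows via bound parameters."""
    conn.execute("CREATE TABLE IF NOT EXISTS people (name TEXT, comment TEXT)")
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    header = next(reader)
    if header != EXPECTED_HEADER:
        raise ValueError("unexpected header: %r" % (header,))
    inserted = 0
    for lineno, row in enumerate(reader, start=2):
        if len(row) != len(EXPECTED_HEADER):
            raise ValueError("line %d: expected %d fields, got %d"
                             % (lineno, len(EXPECTED_HEADER), len(row)))
        # The SQL text is a constant; the values travel separately as
        # parameters, so quotes and semicolons in the data stay data.
        conn.execute("INSERT INTO people (name, comment) VALUES (?, ?)", row)
        inserted += 1
    conn.commit()
    return inserted


def fetch_all(conn):
    """Return every stored row in insertion order."""
    return conn.execute(
        "SELECT name, comment FROM people ORDER BY rowid").fetchall()


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_rows(SAMPLE_CSV, db), "rows inserted")
    for stored in fetch_all(db):
        print(stored)
```
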