[mod_python] addSlashes() in python, sql cgi question

Dustin Mitchell dustin at ywlcs.org
Thu Jun 5 22:23:02 EST 2003


> I really like Perl's "warn me if I actually use anything given to me
> from the outside without validating it" option, but hey, we're Python
> programmers -- we shouldn't need our hands held.  Validate, validate,
> validate.

No, we're smart programmers who use reusable code.  Validate. (once)

And someone's already written validation code for each specific DB engine, in
the form of placeholders in cursors.  If you don't want to use placeholders,
at least be sure to write a single, **correct** validation function which you
use religiously.

Perl's taint feature bugs me because it's fairly liberal about what it means
to "validate", so it's possible to convince Perl that everything's cool while
still leaving yourself open.  That's why we Pythonistas don't like our hands
being held. 'nuf said.

Dustin

-- 

  Dustin Mitchell
  dustin at ywlcs.org/djmitche at alumni.uchicago.edu
  http://people.cs.uchicago.edu/~dustin/
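An added example (not Dustin's code, and not from mod_python) showing the two points of the post side by side: the string-spliced query that the "validate, validate, validate" advice is worried about, the DB-API placeholder version that lets the driver do the escaping, and a single allowlist validator of the kind the post suggests as the fallback. It assumes the standard-library sqlite3 module and a constructed in-memory `users` table with made-up rows; the column names, the `is_valid_name` pattern and the `PAYLOAD` string are all illustrative choices, not anything from the page.

```python
import re
import sqlite3

# Constructed sample data: an in-memory table with two made-up users.
SAMPLE_ROWS = [("alice", "a-secret"), ("bob", "b-secret")]

# A classic tautology payload; the trailing quote is closed by the
# query's own closing quote when the value is spliced in as text.
PAYLOAD = "x' OR '1'='1"

# Allowlist for the "single, correct validation function" approach:
# lowercase letters, digits and underscore, 1 to 32 characters.
_NAME_RE = re.compile(r"\A[a-z0-9_]{1,32}\Z")


def make_db():
    """Build the constructed sample database used by the functions below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the caller-supplied value is pasted into the SQL text,
    so quote characters in it change the statement's structure."""
    sql = "SELECT name, secret FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Placeholder version: the value is bound by the driver and is never
    parsed as SQL, so the same payload just matches no row."""
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def is_valid_name(name):
    """The one validation function to use religiously if, for some reason,
    placeholders are not an option: accept only the allowlisted shape."""
    return isinstance(name, str) and _NAME_RE.match(name) is not None


def lookup_validated(conn, name):
    """Validate once at the boundary, then query.  Rejecting the value
    outright is the right move; escaping it yourself is not."""
    if not is_valid_name(name):
        raise ValueError("rejected user name: %r" % (name,))
    return lookup_unsafe(conn, name)  # safe only because of the check above


def demo(payload=PAYLOAD):
    """Run all three lookups against the constructed table."""
    conn = make_db()
    try:
        validated = lookup_validated(conn, payload)
    except ValueError:
        validated = "rejected"
    return {
        "unsafe": lookup_unsafe(conn, payload),     # leaks every row
        "safe": lookup_safe(conn, payload),         # []
        "validated": validated,                     # "rejected"
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print("%-10s %r" % (label, result))
```

The unsafe lookup hands back both rows for the payload, the placeholder lookup returns nothing, and the validated lookup refuses the input before any SQL is built. Note that the validator rejects rather than "cleans": a function that tries to strip or escape dangerous characters is exactly the kind of liberal check that lets you convince yourself everything is cool while still leaving yourself open.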

