by mitch3x3
2599 days ago
Psycopg2 + raw SQL inside of """ """ strings, and use %(foo)s as a parameter placeholder. cur.execute will accept a parameter dictionary like: cur.execute(query, {'foo': bar}). Passing values directly into cur.execute is the best way to prevent SQL injection as well, since it will sanitize the input params upon running.
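An added example of the pattern in the comment above (it is not the commenter's code): a triple-quoted query with `%(name)s` placeholders, the dict handed to `cur.execute`, a small check that every placeholder has a key, and the string-formatting anti-pattern beside it. `RecordingCursor` is a constructed stand-in for a psycopg2 cursor so the block runs without a database; with a real connection you would pass `conn.cursor()` instead.

```python
"""Named %(foo)s placeholders with psycopg2: SQL text and values are passed to
cursor.execute() separately, so psycopg2 (not Python) quotes the values."""
import re

# Raw SQL in a triple-quoted string, with two named placeholders.
FIND_USER_SQL = """
SELECT id, username
FROM   users
WHERE  username = %(username)s
  AND  active   = %(active)s
"""

# Finds %(name)s placeholders; a literal percent is written %% and is skipped.
_PLACEHOLDER = re.compile(r"(?<!%)%\((\w+)\)s")

def check_placeholders(query, params):
    """Return (missing, unused): placeholder names with no dict key, and dict
    keys no placeholder references. psycopg2 raises on the former at execute."""
    names = set(_PLACEHOLDER.findall(query))
    return sorted(names - params.keys()), sorted(params.keys() - names)

def find_user(cur, username, active=True):
    """Safe form: the dict is bound by the driver, never spliced into the SQL."""
    params = {"username": username, "active": active}
    missing, _unused = check_placeholders(FIND_USER_SQL, params)
    if missing:
        raise ValueError(f"query references unbound parameters: {missing}")
    cur.execute(FIND_USER_SQL, params)   # text and values travel separately
    return cur.fetchall()

def find_user_unsafe(username):
    """Anti-pattern: Python's % operator builds the SQL before execute() sees
    it, so a quote inside `username` rewrites the statement."""
    return "SELECT id FROM users WHERE username = '%(username)s'" % {
        "username": username}

class RecordingCursor:
    """Constructed stand-in for a psycopg2 cursor: records each execute() call
    as (query, params) so the binding can be inspected offline."""
    def __init__(self):
        self.calls = []

    def execute(self, query, params=None):
        self.calls.append((query, params))

    def fetchall(self):
        return []
```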