> cursor.execute("SELECT
> GetDirectionDescr("+str(nod_id1)+","+str(nod_id2)+") from sys.dual")
Please note that code means that you might be open to SQL injection.
You should be using the parameters for SQL, see:
https://docs.djangoproject.com/en/dev/topics/db/sql/#passing-parameters-into-raw
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment