icebraining on Jan 4, 2016 | on: New string formatting in Python
But again, if you can inject that into the source code, why can't you just do
"SELECT {};".format(settings.SECRET_KEY)
Remember that the interpolation only works for string literals, you can't inject that from external input.
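An added illustration of the point made in the comment above (not part of the comment itself): f-string fields are fixed when the source is compiled, so braces arriving inside external data stay plain text, and a reviewer can enumerate every interpolated expression straight from the source. The names `build_query`, `literal_kind`, `fstring_expressions` and the sample source are constructed for this example.

```python
import ast

# Constructed sample source, parsed only (never executed).
SAMPLE_SOURCE = '''
name = input()
a = f"Hello {name}"
b = "Hello {settings.SECRET_KEY}"
c = f"SELECT {settings.SECRET_KEY};"
'''


def build_query(external: str) -> str:
    # Hypothetical helper: the only expression evaluated is the one written in
    # this literal, {external}. Braces inside the *value* are plain text.
    return f"SELECT {external};"


def literal_kind(expr_source: str) -> str:
    """AST node type the compiler produces for a single expression."""
    return type(ast.parse(expr_source, mode="eval").body).__name__


def fstring_expressions(source: str) -> list[str]:
    """Every expression that f-strings in `source` will evaluate at runtime."""
    return [
        ast.unparse(node.value)
        for node in ast.walk(ast.parse(source))
        if isinstance(node, ast.FormattedValue)
    ]


if __name__ == "__main__":
    # External data containing braces passes through untouched.
    print(build_query("{settings.SECRET_KEY}"))
    # An f-string compiles to JoinedStr; an ordinary string stays a Constant.
    print(literal_kind('f"SELECT {x};"'), literal_kind('"SELECT {x};"'))
    # Only the two f-strings in the sample contribute expressions.
    print(fstring_expressions(SAMPLE_SOURCE))
```

The listing from `fstring_expressions` contains only expressions a developer typed into the source, which is the case the comment describes.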