google gql


SHIVAM JINDAL

Dec 21, 2015, 9:20:12 AM
to Google App Engine
from google.appengine.ext import db

class Profile(BlogHandler):
    def get(self, user_name):
        self.response.out.write(user_name)
        # The value is pasted into the query text with % formatting, so it shows up
        # as the bare symbol testting instead of a quoted string literal
        querystring = 'select * from Post where Post.content = %s order by created desc' % 'testting'
        posts = db.GqlQuery(querystring)
        self.render('profile.html', posts=posts)


invalid where condition at symbol testting

If I remove the where condition it works properly.

Alex Martelli

Dec 21, 2015, 10:03:37 AM
to google-a...@googlegroups.com
In GQL just as in most every other SQL-like language, it's a serious mistake to use string formatting (as you're doing) instead of query parameters. Not only can you get the query syntax wrong, you're opening yourself to the security problems known as "SQL injection" -- see https://xkcd.com/327/ .

Just use query parameters as normal (and, it's truly peculiar to use semicolons in Python):

querystring = 'select * from Post where Post.content = :1 order by created desc'
posts = db.GqlQuery(querystring, 'testing')


Alex


--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/ea67cbc3-8a41-4621-8742-580736e2bc06%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
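To make the difference between the two approaches concrete, here is an added example that is not from either poster and does not use App Engine: a small, constructed tokenizer and parser for one GQL-style WHERE condition. It is not Google's GQL parser, but it reproduces the behaviour the thread hinges on: a value pasted in with % formatting becomes part of the query grammar (a bare symbol, or a broken literal once the data contains a quote), while a bound :1 parameter keeps the query text fixed and treats the value purely as data. The function names, the one-condition grammar and the sample values are all assumptions made for this illustration.

```python
import re

# Constructed tokenizer for a single GQL-style condition "<property> <op> <value>".
# Not App Engine's real parser; it only covers what this example needs.
_TOKEN = re.compile(r"""\s*(?:
    (?P<string>'(?:[^']|'')*')        # single-quoted literal, '' escapes a quote
  | (?P<param>:\d+)                    # positional bound parameter, e.g. :1
  | (?P<number>\d+(?:\.\d+)?)          # numeric literal
  | (?P<op>!=|<=|>=|=|<|>)             # comparison operator
  | (?P<ident>[A-Za-z_][\w.]*)         # property name, or a bare (unquoted) symbol
)""", re.VERBOSE)


def tokenize(text):
    """Split a condition into (kind, text) tokens; reject anything unrecognised."""
    text = text.strip()
    pos, tokens = 0, []
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if m is None:
            raise ValueError("unexpected character at offset %d in %r" % (pos, text))
        tokens.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return tokens


def parse_condition(where, params=()):
    """Parse "<prop> <op> <value>" and return (prop, op, value).

    The value may be a quoted literal, a number, or a bound parameter looked up
    in `params`. A bare identifier on the value side is rejected with the same
    wording App Engine used in the original post.
    """
    toks = tokenize(where)
    if len(toks) != 3 or toks[0][0] != "ident" or toks[1][0] != "op":
        raise ValueError("malformed condition: %r" % where)
    prop, op = toks[0][1], toks[1][1]
    kind, raw = toks[2]
    if kind == "string":
        return prop, op, raw[1:-1].replace("''", "'")
    if kind == "number":
        return prop, op, float(raw) if "." in raw else int(raw)
    if kind == "param":
        return prop, op, params[int(raw[1:]) - 1]
    raise ValueError("invalid where condition at symbol %s" % raw)


def unsafe_where(content):
    # The original post: the value is formatted straight into the query text.
    return "Post.content = %s" % content


def quoted_unsafe_where(content):
    # A tempting "fix" that adds quotes by hand; still mixes data into grammar.
    return "Post.content = '%s'" % content


def safe_where(content):
    # Alex's approach: fixed query text, value passed separately as :1.
    return "Post.content = :1", (content,)


def demo():
    """Run all three approaches on sample values and collect the outcomes."""
    results = {}
    try:
        parse_condition(unsafe_where("testting"))
    except ValueError as e:
        results["unsafe_bare_symbol"] = str(e)
    # Hand-quoting works until the data itself contains an apostrophe.
    results["quoted_plain"] = parse_condition(quoted_unsafe_where("testing"))
    try:
        parse_condition(quoted_unsafe_where("it's"))
    except ValueError as e:
        results["quoted_apostrophe"] = "parse error: " + str(e)
    # With a bound parameter the query text never changes, whatever the value.
    results["param_plain"] = parse_condition(*safe_where("testting"))
    results["param_apostrophe"] = parse_condition(*safe_where("it's"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-20s %r" % (name, outcome))
```

Running the block shows the first case failing with exactly the message from the original post, the hand-quoted form breaking as soon as the content contains an apostrophe, and the parameterised form returning the value unchanged in both cases, which is why parameters rather than string formatting are the right tool for any user-supplied value.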

SHIVAM JINDAL

Dec 21, 2015, 10:06:55 AM
to google-a...@googlegroups.com
thanx.....
