In the last episode (Mar 28), Victor Subervi said:
> Hi;
> I'm trying to figure out how to upload images into a MySQL database. (Yes,
> that is what I want to do.) I have a form that asks for data, like this:
>
> 1ra Foto Pequeña:
> <input type='file' name='pic1' />
>
> Then I send that form to a python script that processes like this:
>
> cursor.execute('insert into products (' + col_names + ') values (' +
> col_values + ');')
You want to use prepared statements, bind varaibles, or placeholders
(depending on the terminology python uses) instead of manually building
queries by string concatenation.
--
Dan Nelson
dnelson@stripped
