Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

MySQLdb._escape_string() broken in Python 2.7 #1

Copy link
Copy link

Description

@spizeck
Issue body actions

I was having a bunch of trouble getting the registration page to work and someone on stackoverflow (http://stackoverflow.com/questions/3617052/escape-string-python-for-mysql) suggested an alternate way after I found a bunch of posts relating to the escape_string currently being broken. I edited __init__.py registration page with the following and was able to get it to work.

sql_check_reg = "SELECT * FROM users WHERE username = (%s)"
x = c.execute(sql_check_reg, (username,))

and:

sql_insert_reg = "INSERT INTO users (username, password, email) VALUES (%s, %s, %s)"
c.execute(sql_insert_reg, (username, password, email))

Maybe you could verify that this is in fact a good method and not susceptible to sql injection?

Reactions are currently unavailable

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

    Morty Proxy This is a proxified and sanitized view of the page, visit original site.