database refactored: use placeholders instead of concatenations
author Germán Poo-Caamaño <gpoo@gnome.org>
Sun, 2 Oct 2011 04:00:00 +0000 (21:00 -0700)
committer Santiago Dueñas <sduenas@libresoft.es>
Thu, 6 Oct 2011 07:55:21 +0000 (09:55 +0200)
commit c24cccef29beb25a89ada668ac80b297e9de57ff
tree 8e36322f18cf9d239dd749b97f67db4c8d2e5fe4
parent c9ca65dc6d489d578e8494ea59feafdb22850488
database refactored: use placeholders instead of concatenations

It is not recommendable to concatenate SQL statements with
variables. It does not allow proper escaping, it is prone to SQL
Injection attacks, among other issues.

Still there are other issues (improper mix of placeholders with
and without quotations), but this patch makes the output and
processing exactly equal with respect to master.

Signed-off-by: Germán Poo-Caamaño <gpoo@gnome.org>
pymlstats/database.py
pymlstats/main.py
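
The three problems the commit message names (broken escaping, SQL injection, and placeholders wrapped in quotes) are shown side by side in the following added example, which is not code from this commit or from pymlstats. It assumes a hypothetical `people` table and uses the standard-library `sqlite3` module with `?` placeholders as a stand-in for the project's database driver; all sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (email TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO people VALUES (?, ?)", [
        ("alice@example.org", "Alice"),
        ("bob@example.org", "Bob O'Neil"),
    ])
    return db

def find_concat(db, name):
    # Concatenation: the value becomes part of the SQL text itself.
    query = "SELECT email FROM people WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def find_placeholder(db, name):
    # Placeholder: the SQL text is constant and the value is bound separately.
    query = "SELECT email FROM people WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]

def find_quoted_placeholder(db, name):
    # Placeholder wrapped in quotes: sqlite3 parses '?' as a string literal,
    # so the statement has no parameter left to bind.
    query = "SELECT email FROM people WHERE name = '?'"
    return [row[0] for row in db.execute(query, (name,))]

def demo():
    db = make_db()
    out = {}
    # 1. Escaping: a legitimate name containing an apostrophe.
    try:
        out["concat_apostrophe"] = find_concat(db, "Bob O'Neil")
    except sqlite3.OperationalError:
        out["concat_apostrophe"] = "syntax error"
    out["placeholder_apostrophe"] = find_placeholder(db, "Bob O'Neil")
    # 2. Injection: a value that closes the quote and extends the WHERE clause.
    crafted = "x' OR '1'='1"
    out["concat_crafted"] = sorted(find_concat(db, crafted))
    out["placeholder_crafted"] = find_placeholder(db, crafted)
    # 3. Quoted placeholder: the driver rejects the unexpected parameter.
    try:
        out["quoted_placeholder"] = find_quoted_placeholder(db, "Alice")
    except sqlite3.ProgrammingError:
        out["quoted_placeholder"] = "binding error"
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Drivers that use `%s` placeholders fail differently on the quoted form, typically by storing or comparing a value with extra quote characters rather than raising an error, which is why mixing quoted and unquoted placeholders is worth cleaning up.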