Re: Why 'files.py' does not print the filenames into a table format?

From Ferrous Cranus <support@superhost.gr>
Newsgroups comp.lang.python
Subject Re: Why 'files.py' does not print the filenames into a table format?
Date 2013-06-16 16:57 +0300
Organization National Technical University of Athens, Greece
Message-ID <kpkg94$1bva$1@news.ntua.gr>
References (1 earlier) <mailman.3401.1371325647.3114.python-list@python.org> <kpigkm$1j17$1@news.ntua.gr> <BCCFA72E-13C7-4A2C-A73B-BB40F263F537@schollnick.net> <mailman.3416.1371336710.3114.python-list@python.org> <kpj33l$1j17$4@news.ntua.gr>


On 16/6/2013 4:07 AM, Nick the Gr33k wrote:
> On 16/6/2013 1:51 AM, Chris Angelico wrote:
>> On Sun, Jun 16, 2013 at 6:29 AM, Benjamin Schollnick
>> <benjamin@schollnick.net> wrote:
>>> cur.execute('''SELECT ID FROM counters WHERE url = %s''', page )
>>> cur.execute('''INSERT INTO counters (url) VALUES (%s)''', page )
>>>
>>> Sure, whoever wrote that code is a fool.
>>>
>>> http://xkcd.com/327/
>>>
>>> They didn't sanitize your database inputs.
>>
>> I assume you're talking about the above two lines of code? They're not
>> SQL injection targets.
>
> Then how were those page entries found in the database, Chris?
>
>> The clue is that the %s isn't in quotes.
>
> What happens if I write it like this?
>
> cur.execute('''SELECT ID FROM counters WHERE url = "%s"''', page )
>
> How does quoting the %s help here?
>
>> This is an out-of-band argument passing method (actually, since he's
>> using
>> MySQL (IIRC), it's probably just going to escape it and pass it on
>> through, but it comes to the same thing), so it's safe.
>
> Yes, I am using a comma and not a substitute operator, so the input is
> validated by MySQL.
>
> Please explain what an "out-of-band argument passing method" is.
>
> What is your idea of how those entries made it to the counters database table?
>
>

Chris? Care to explain please?

-- 
What is now proved was at first only imagined!
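
The difference between in-band and out-of-band argument passing discussed in this post, as an added example that is not part of the original message. It uses the standard-library `sqlite3` module, whose placeholder is `?` rather than the MySQL driver's `%s`, so that it runs without a database server; the function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a tiny stand-in for the thread's `counters` table.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE counters (ID INTEGER PRIMARY KEY, url TEXT)")
    con.executemany("INSERT INTO counters (url) VALUES (?)",
                    [("index.html",), ("files.py",)])
    return con

def lookup_interpolated(con, page):
    # In-band: the value is pasted into the SQL text with the % operator,
    # so quote characters in `page` become part of the statement itself.
    sql = "SELECT ID FROM counters WHERE url = '%s'" % page
    return [row[0] for row in con.execute(sql)]

def lookup_bound(con, page):
    # Out-of-band: the SQL text is fixed and the value travels separately
    # as a bound parameter, so it can only ever be compared as data.
    sql = "SELECT ID FROM counters WHERE url = ?"
    return [row[0] for row in con.execute(sql, (page,))]

def lookup_quoted_placeholder(con, page):
    # Quoting the placeholder turns it into a string literal, leaving no
    # parameter slot; sqlite3 rejects the surplus argument.
    try:
        con.execute("SELECT ID FROM counters WHERE url = '?'", (page,))
    except sqlite3.ProgrammingError as exc:
        return type(exc).__name__
    return "accepted"

# Constructed input containing quote characters.
HOSTILE = "x' OR '1'='1"

if __name__ == "__main__":
    con = make_db()
    print("bound, normal value:     ", lookup_bound(con, "files.py"))
    print("bound, hostile value:    ", lookup_bound(con, HOSTILE))
    print("interpolated, hostile:   ", lookup_interpolated(con, HOSTILE))
    print("quoted placeholder:      ", lookup_quoted_placeholder(con, "files.py"))
```

The rejection of the quoted placeholder is `sqlite3` behaviour; other drivers may treat a quoted placeholder differently.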