| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | Sat, 9 Aug 2014 13:03:24 +1000 |
| Subject | Re: Newbie needing some help |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.12784.1407553407.18130.python-list@python.org> |
| In-Reply-To | <ls42al$nlu$1@reader1.panix.com> |
On Sat, Aug 9, 2014 at 12:51 PM, John Gordon <gordon@panix.com> wrote:
> You probably meant something like this instead:
>
>     sql = "DELETE FROM tblc_users WHERE user_email=%s" % line
>
> This will substitute the value of line for the %s.
>
> However, most (all?) SQL databases require string values to be enclosed
> in single quotes, and your database likely defines user_email as a string
> value. So you probably actually want something like this:
>
>     sql = "DELETE FROM tblc_users WHERE user_email='%s'" % line
>
> And even this solution isn't very good, because it allows SQL injection
> attacks if your text file contains something nasty. If this is anything
> other than a toy program, please take the time to look up prepared
> statements.

All SQL databases require strings to be quoted (it's part of the SQL
spec), although some broken database engines (which I shall not name)
do allow other forms of quote than the apostrophe. But I would advise
against even suggesting the interpolation method; there's absolutely
no reason ever to do this sort of thing - it's just way too fragile.
(Even if you think you can get it perfectly right now, do you really
want to inflict the headache on the code's next maintainer?)
Parameterized queries are a part of the Python database API, so go
ahead and use them.

ChrisA
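
The interpolated statement quoted above next to the parameterized form the reply recommends, as an added example that is not part of the original posts. It assumes the standard-library `sqlite3` driver (the thread does not name one), an in-memory stand-in for `tblc_users`, and constructed sample lines; the helper names are hypothetical.

```python
import sqlite3

# Constructed sample input: lines as read from the text file, newline included.
SAMPLE_LINES = ["alice@example.org\n", "x' OR '1'='1\n"]
SEED = ["alice@example.org", "bob@example.org", "carol@example.org"]


def make_db():
    """In-memory stand-in for the poster's database (sqlite3 is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblc_users (user_email TEXT)")
    conn.executemany("INSERT INTO tblc_users VALUES (?)", [(e,) for e in SEED])
    return conn


def remaining(conn):
    """Return the e-mail addresses still present, sorted."""
    rows = conn.execute("SELECT user_email FROM tblc_users ORDER BY user_email")
    return [r[0] for r in rows]


def delete_interpolated(conn, lines):
    """The quoted '%s' approach: the line's text becomes part of the SQL."""
    for line in lines:
        sql = "DELETE FROM tblc_users WHERE user_email='%s'" % line.strip()
        conn.execute(sql)
    return remaining(conn)


def delete_parameterized(conn, lines):
    """DB-API parameter binding: the line is passed as data, never parsed as SQL."""
    for line in lines:
        # sqlite3 uses the qmark paramstyle; drivers with paramstyle 'format'
        # take %s as the placeholder, still with the value as a separate argument.
        conn.execute("DELETE FROM tblc_users WHERE user_email = ?", (line.strip(),))
    return remaining(conn)


if __name__ == "__main__":
    print("interpolated :", delete_interpolated(make_db(), SAMPLE_LINES))
    print("parameterized:", delete_parameterized(make_db(), SAMPLE_LINES))
```

With the interpolated form, a legitimate address containing an apostrophe (for example `o'brien@example.org`) turns the statement into a syntax error, while the parameterized call handles it unchanged.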
Newbie needing some help Matt Smith <smithmm@tblc.org> - 2014-08-08 15:07 -0400
Re: Newbie needing some help John Gordon <gordon@panix.com> - 2014-08-09 02:51 +0000
Re: Newbie needing some help Chris Angelico <rosuav@gmail.com> - 2014-08-09 13:03 +1000