Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsreader4.netcologne.de!news.netcologne.de!xlned.com!feeder3.xlned.com!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <python@mrabarnett.plus.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.027
X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'string': 0.09; '%s",': 0.09; 'mess': 0.09; 'from:addr:mrabarnett.plus.com': 0.16; 'from:addr:python': 0.16; 'from:name:mrab': 0.16; 'message- id:@mrabarnett.plus.com': 0.16; 'received:84.93': 0.16; 'received:84.93.230': 0.16; 'susceptible': 0.16; 'wrote:': 0.18; 'header:User-Agent:1': 0.23; "shouldn't": 0.24; 'query': 0.26; 'this:': 0.26; 'values': 0.27; 'header:In-Reply-To:1': 0.27; 'database,': 0.30; 'kevin': 0.30; 'safely': 0.31; 'subject:Database': 0.31; 'handled': 0.32; 'skip:d 20': 0.34; 'something': 0.35; 'received:84': 0.35; 'building': 0.35; 'data,': 0.36; 'doing': 0.36; 'should': 0.36; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; 'users': 0.40; 'you.': 0.62; 'more': 0.64; 'header:Reply-To:1': 0.67; 'records,': 0.69; 'reply-to:no real name:2**0': 0.71; 'reply-to:addr:python.org': 0.84
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=JsTI8qIC c=1 sm=1 tr=0 a=0nF1XD0wxitMEM03M9B4ZQ==:117 a=0nF1XD0wxitMEM03M9B4ZQ==:17 a=0Bzu9jTXAAAA:8 a=7AxPfEIvyrUA:10 a=ihvODaAuJD4A:10 a=OUOv7kDek9cA:10 a=8nJEP1OIZ-IA:10 a=EBOSESyhAAAA:8 a=8AHkEIZyAAAA:8 a=-a86dn-WNucA:10 a=PTvuxdD3xLXehwDSN8QA:9 a=wPNLvfGTeEIA:10
X-AUTH: mrabarnett:2500
Date: Wed, 08 May 2013 20:07:39 +0100
From: MRAB <python@mrabarnett.plus.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: python-list@python.org
Subject: Re: MySQL Database
References: <CAN4UfGzbtM1vtW4EvmjYq0gDAcCzaQTJrPKhuk=VTTTwgH7sZQ@mail.gmail.com>
In-Reply-To: <CAN4UfGzbtM1vtW4EvmjYq0gDAcCzaQTJrPKhuk=VTTTwgH7sZQ@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: python-list@python.org
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.1454.1368040063.3114.python-list@python.org>
Lines: 28
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1368040063 news.xs4all.nl 15936 [2001:888:2000:d::a6]:36223
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:44960

On 08/05/2013 19:52, Kevin Holleran wrote:
> Hello,
>
> I want to connect to a MySQL database, query for some records,
> manipulate some data, and then update the database.
>
> When I do something like this:
>
>      db_c.execute("SELECT a, b FROM Users")
>
> for row in db_c.fetchall():
>
>          (r,d) = row[0].split('|')
>
>          (g,e) = domain.split('.')
>
>          db_c.execute("UPDATE Users SET g = '"+ g + "' WHERE a ='"+ row[0])
>
>
> Will using db_c to update the database mess up the loop that is cycling
> through db_c.fetchall()?
>
You shouldn't be building an SQL string like that because it's
susceptible to SQL injection. You should be doing it more like this:

db_c.execute("UPDATE Users SET g = %s WHERE a = %s", (g, row[0]))

The values will then be handled safely for you.