From: Kevin Holleran
To: python-list@python.org
Newsgroups: comp.lang.python
Date: Wed, 8 May 2013 15:31:02 -0400
Subject: Re: MySQL Database
In-Reply-To: <518AA27B.20409@mrabarnett.plus.com>

Thanks, I actually intend to, was just whipping something up to be an
example for my question.

--
Kevin Holleran
Master of Science, Computer Information Systems
Grand Valley State University
Master of Business Administration
Western Michigan University
GCFA, GCFE, CCNA, ISA, MCSA, MCDST, MCP

"Do today what others won't, do tomorrow what others can't" - SEALFit

"We are what we repeatedly do. Excellence, then, is not an act, but a
habit." - Aristotle


On Wed, May 8, 2013 at 3:07 PM, MRAB wrote:

> On 08/05/2013 19:52, Kevin Holleran wrote:
>
>> Hello,
>>
>> I want to connect to a MySQL database, query for some records,
>> manipulate some data, and then update the database.
>>
>> When I do something like this:
>>
>>      db_c.execute("SELECT a, b FROM Users")
>>
>>      for row in db_c.fetchall():
>>
>>          (r,d) = row[0].split('|')
>>
>>          (g,e) = domain.split('.')
>>
>>          db_c.execute("UPDATE Users SET g = '"+ g + "' WHERE a ='"+ row[0])
>>
>>
>> Will using db_c to update the database mess up the loop that is cycling
>> through db_c.fetchall()?
>>
> You shouldn't be building an SQL string like that because it's
> susceptible to SQL injection. You should be doing it more like this:
>
>     db_c.execute("UPDATE Users SET g = %s WHERE a = %s", (g, row[0]))
>
> The values will then be handled safely for you.
> --
> http://mail.python.org/mailman/listinfo/python-list
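The difference between the two UPDATE styles discussed in this thread, as an added example that is not part of the original messages. It assumes an in-memory `sqlite3` database in place of MySQL so it runs offline (sqlite3 uses `?` where the MySQL driver uses `%s`); the table contents, the function names and the way `g` is derived from the domain are constructed for illustration.

```python
import sqlite3

# Constructed sample rows: column "a" holds "user|domain". The second key
# contains a quote sequence that changes the meaning of a concatenated query.
SAMPLE_ROWS = [
    ("alice|mail.example.com", ""),
    ("bob|x.example.org' OR '1'='1", ""),
    ("carol|corp.example.net", ""),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (a TEXT, g TEXT)")
    db.executemany("INSERT INTO Users (a, g) VALUES (?, ?)", SAMPLE_ROWS)
    return db

def update_concatenated(cur, g, a):
    # Pattern from the question (closing quote added): data becomes SQL text.
    cur.execute("UPDATE Users SET g = '" + g + "' WHERE a = '" + a + "'")
    return cur.rowcount

def update_parameterized(cur, g, a):
    # Pattern from the reply: values are passed separately from the statement.
    cur.execute("UPDATE Users SET g = ? WHERE a = ?", (g, a))
    return cur.rowcount

def run(update):
    """Apply `update` to every row; return rows touched per user and final table."""
    db = make_db()
    cur = db.cursor()
    cur.execute("SELECT a, g FROM Users")
    counts = {}
    # fetchall() returns a list, so reusing the cursor inside the loop
    # does not disturb the iteration.
    for row in cur.fetchall():
        r, d = row[0].split("|")
        g = d.split(".")[0]          # assumed meaning of "g": first domain label
        counts[r] = update(cur, g, row[0])
    final = dict(db.execute("SELECT a, g FROM Users").fetchall())
    db.close()
    return counts, final

if __name__ == "__main__":
    for fn in (update_concatenated, update_parameterized):
        counts, final = run(fn)
        print(fn.__name__, counts, final)
```

With the concatenated form, the second row's key turns the WHERE clause into one that matches every row, so a single UPDATE overwrites all three records; the parameterized form touches exactly one row per iteration.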