Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Sender: Benjamin Schollnick <bschollnick@schollnick.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4F17A3F4-E5C8-412B-9286-5B5F1F54C800"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Subject: Re: Why 'files.py' does not print the filenames into a table format?
From: Benjamin Schollnick <benjamin@schollnick.net>
In-Reply-To: <kpigkm$1j17$1@news.ntua.gr>
Date: Sat, 15 Jun 2013 16:29:57 -0400
References: <kpifru$3kp$3@news.ntua.gr> <mailman.3401.1371325647.3114.python-list@python.org> <kpigkm$1j17$1@news.ntua.gr>
To: Nick the Gr33k <support@superhost.gr>
Cc: python-list@python.org
Precedence: list
Newsgroups: comp.lang.python
Message-ID: <mailman.3405.1371328210.3114.python-list@python.org>
Lines: 135
NNTP-Posting-Host: 2001:888:2000:d::a6
Xref: csiph.com comp.lang.python:48365


--Apple-Mail=_4F17A3F4-E5C8-412B-9286-5B5F1F54C800
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-7

>> Nick, at this point, you need to hire someone to do your work for =
you.
>=20
> The code is completely ready.
> Some detail is missing and its not printing the files as expected.

Then the code is not completely ready, it has bugs, and your trying to =
have the list debug and fix it for you for free.

> Irrelevant to my question i just noticed weird behavior about my =
pelatologio.py script which can be seen here:
>=20
> http://superhost.gr/?show=3Dstats
>=20
> The first 3 files are of my doing.
> All the rest are of someone else's that managed to append entries into =
my counters database utilizing this code:
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> 	try:
> 		#find the needed counter for the page URL
> 		cur.execute('''SELECT ID FROM counters WHERE url =3D =
%s''', page )
> 		data =3D cur.fetchone()        #URL is unique, so should =
only be one
> 		=09
> 		if not data:
> 			#first time for page; primary key is automatic, =
hit is defaulted
> 			cur.execute('''INSERT INTO counters (url) VALUES =
(%s)''', page )
> 			cID =3D cur.lastrowid        #get the primary =
key value of the new record
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> Does someone want to state something?

Sure, whoever wrote that code is a fool.

http://xkcd.com/327/

<img src=3D"http://imgs.xkcd.com/comics/exploits_of_a_mom.png">

They didn't sanitize your database inputs.

My suggestion would be for you to stop trying to re-invent the wheel, =
and use COTS software. =20

		- Benjamin


--Apple-Mail=_4F17A3F4-E5C8-412B-9286-5B5F1F54C800
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=iso-8859-7

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Diso-8859-7"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
"><div><blockquote type=3D"cite"><blockquote type=3D"cite">Nick, at this =
point, you need to hire someone to do your work for =
you.<br></blockquote><br>The code is completely ready.<br>Some detail is =
missing and its not printing the files as =
expected.<br></blockquote><div><br></div>Then the code is not completely =
ready, it has bugs, and your trying to have the list debug and fix it =
for you for free.</div><div><br><blockquote type=3D"cite">Irrelevant to =
my question i just noticed weird behavior about my pelatologio.py script =
which can be seen here:<br><br><a =
href=3D"http://superhost.gr/?show=3Dstats">http://superhost.gr/?show=3Dsta=
ts</a><br><br>The first 3 files are of my doing.<br>All the rest are of =
someone else's that managed to append entries into my counters database =
utilizing this code:<br><br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
<br><br><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span>try:<br><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span>#find the needed counter for the page URL<br><span =
class=3D"Apple-tab-span" style=3D"white-space:pre">	</span><span =
class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span>cur.execute('''SELECT ID FROM counters WHERE url =3D %s''', page =
)<br><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span>data =3D cur.fetchone() =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#URL is unique, so should only =
be one<br><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span><br><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span><span class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span>if not data:<br><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span>#first time for page; primary key =
is automatic, hit is defaulted<br><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span>cur.execute('''INSERT INTO =
counters (url) VALUES (%s)''', page )<br><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span>cID =3D cur.lastrowid =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#get the primary key value of =
the new record<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D<br><br>Does someone want to state =
something?</blockquote><br></div><div>Sure, whoever wrote that code is a =
fool.</div><div><br></div><div><span style=3D"font-family: Lucida, =
Helvetica, sans-serif; font-size: 16px; font-variant: small-caps; =
text-align: center; background-color: rgb(255, 255, 255); "><a =
href=3D"http://xkcd.com/327/">http://xkcd.com/327/</a></span></div><div><s=
pan style=3D"font-family: Lucida, Helvetica, sans-serif; font-size: =
16px; font-variant: small-caps; text-align: center; background-color: =
rgb(255, 255, 255); "><br></span></div><div><span style=3D"font-family: =
Lucida, Helvetica, sans-serif; font-size: 16px; font-variant: =
small-caps; text-align: center; background-color: rgb(255, 255, 255); =
">&lt;img src=3D"</span><span style=3D"background-color: rgb(255, 255, =
255); font-family: Lucida, Helvetica, sans-serif; font-size: 16px; =
font-variant: small-caps; text-align: center; "><a =
href=3D"http://imgs.xkcd.com/comics/exploits_of_a_mom.png">http://imgs.xkc=
d.com/comics/exploits_of_a_mom.png</a>"&gt;</span></div><div><span =
style=3D"background-color: rgb(255, 255, 255); font-family: Lucida, =
Helvetica, sans-serif; font-size: 16px; font-variant: small-caps; =
text-align: center; "><br></span></div><div>They didn't sanitize your =
database inputs.</div><div><br></div><div>My suggestion would be for you =
to stop trying to re-invent the wheel, and use COTS software. =
&nbsp;</div><div><br></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">		</span>- =
Benjamin</div><div><br></div></body></html>=

--Apple-Mail=_4F17A3F4-E5C8-412B-9286-5B5F1F54C800--