Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #48381

Re: Why 'files.py' does not print the filenames into a table format?

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!news.stack.nl!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <rosuav@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.001
X-Spam-Evidence '*H*': 1.00; '*S*': 0.00; 'subject:not': 0.03; '16,': 0.03; 'argument': 0.05; "subject:' ": 0.07; 'escape': 0.09; 'subject:Why': 0.09; 'subject:into': 0.09; 'sure,': 0.09; 'assume': 0.14; 'wrote': 0.14; 'benjamin': 0.16; 'code?': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'subject:format': 0.16; 'through,': 0.16; 'wrote:': 0.18; 'passing': 0.19; 'pass': 0.26; 'values': 0.27; 'header:In-Reply- To:1': 0.27; 'am,': 0.29; 'message-id:@mail.gmail.com': 0.30; 'code': 0.31; 'lines': 0.31; 'probably': 0.32; 'subject:the': 0.34; 'but': 0.35; 'received:google.com': 0.35; "he's": 0.36; "didn't": 0.36; 'method': 0.36; 'subject:?': 0.36; 'two': 0.37; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; "you're": 0.61; 'talking': 0.65; '(url)': 0.84; 'safe.': 0.84; '2013': 0.98
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=s4m0A52CVM7ZznID7Ep5+C5pEqbmJRaluv2AtQ/fpD0=; b=jJxYTQaN0XGytWhd3ogYpZ+p85XyF5TlUssQVzXGOY0GXZ3fIjqBS+KL8TFlSbmLBs T5E8sNzGIoNc8RmPXrBzHfsKhYwVawJSlrnlePIl88ImGjduJ0W3cXuOELkgohTbNzXU n4yOcOMAKFQ4aqapB96gnIK1zBJ+zJAEPbQmqoahgUZn3EmF8Gtw+LGAl3HQg49xDOg8 dtLCeFfM9i5LynKQzUYjrN+oJqwd2qG7Y2jbBUBSLjv3E6V5KIpv43c0y5OEo7yUalT+ uaTR2MmXsyAbYhrJTJFVNZ/usFnyXhdFxthB4Tu62eXftssK7d1gJouo4tS0bKkvAbrO A0gw==
MIME-Version 1.0
X-Received by 10.220.48.17 with SMTP id p17mr1656656vcf.97.1371336701095; Sat, 15 Jun 2013 15:51:41 -0700 (PDT)
In-Reply-To <BCCFA72E-13C7-4A2C-A73B-BB40F263F537@schollnick.net>
References <kpifru$3kp$3@news.ntua.gr> <mailman.3401.1371325647.3114.python-list@python.org> <kpigkm$1j17$1@news.ntua.gr> <BCCFA72E-13C7-4A2C-A73B-BB40F263F537@schollnick.net>
Date Sun, 16 Jun 2013 08:51:41 +1000
Subject Re: Why 'files.py' does not print the filenames into a table format?
From Chris Angelico <rosuav@gmail.com>
To python-list@python.org
Content-Type text/plain; charset=ISO-8859-1
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.3416.1371336710.3114.python-list@python.org> (permalink)
Lines 18
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1371336710 news.xs4all.nl 15863 [2001:888:2000:d::a6]:37673
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:48381

Show key headers only | View raw

On Sun, Jun 16, 2013 at 6:29 AM, Benjamin Schollnick
<benjamin@schollnick.net> wrote:
> cur.execute('''SELECT ID FROM counters WHERE url = %s''', page )
> cur.execute('''INSERT INTO counters (url) VALUES (%s)''', page )
>
> Sure, whoever wrote that code is a fool.
>
> http://xkcd.com/327/
>
> They didn't sanitize your database inputs.

I assume you're talking about the above two lines of code? They're not
SQL injection targets. The clue is that the %s isn't in quotes. This
is an out-of-band argument passing method (actually, since he's using
MySQL (IIRC), it's probably just going to escape it and pass it on
through, but it comes to the same thing), so it's safe.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-15 22:38 +0300
  Re: Why 'files.py' does not print the filenames into a table format? Jarrod Henry <jarrodhenry@gmail.com> - 2013-06-15 14:46 -0500
    Re: Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-15 22:51 +0300
      Re: Why 'files.py' does not print the filenames into a table format? Benjamin Schollnick <benjamin@schollnick.net> - 2013-06-15 16:29 -0400
      Re: Why 'files.py' does not print the filenames into a table format? Joshua Landau <joshua.landau.ws@gmail.com> - 2013-06-15 21:37 +0100
        Re: Why 'files.py' does not print the filenames into a table format? Νίκος <support@superhost.gr> - 2013-06-17 08:58 +0300
          Re: Why 'files.py' does not print the filenames into a table format? Νίκος <support@superhost.gr> - 2013-06-17 09:11 +0300
            Re: Why 'files.py' does not print the filenames into a table format? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-06-17 07:00 +0000
              Re: Why 'files.py' does not print the filenames into a table format? Simpleton <support@superhost.gr> - 2013-06-17 12:07 +0300
                Re: Why 'files.py' does not print the filenames into a table format? Simpleton <support@superhost.gr> - 2013-06-17 12:18 +0300
                Re: Why 'files.py' does not print the filenames into a table format? Simpleton <support@superhost.gr> - 2013-06-17 13:26 +0300
      Re: Why 'files.py' does not print the filenames into a table format? Chris Angelico <rosuav@gmail.com> - 2013-06-16 08:51 +1000
        Re: Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-16 04:07 +0300
          Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-06-16 05:06 +0000
            Re: Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Nick the Gr33k <support@superhost.gr> - 2013-06-16 11:28 +0300
              Re: Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-06-16 10:33 +0000
                Re: Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Ferrous Cranus <support@superhost.gr> - 2013-06-16 13:57 +0300
                Re: Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-06-16 12:09 +0100
                Re: Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Ferrous Cranus <support@superhost.gr> - 2013-06-16 14:12 +0300
                Re: Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Chris “Kwpolska” Warrick <kwpolska@gmail.com> - 2013-06-16 13:19 +0200
                Re: Python Greek mailing list [was Re: Why 'files.py' does not print the filenames into a table format?] Chris “Kwpolska” Warrick <kwpolska@gmail.com> - 2013-06-16 13:03 +0200
          Re: Why 'files.py' does not print the filenames into a table format? Ferrous Cranus <support@superhost.gr> - 2013-06-16 16:57 +0300
        Re: Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-16 04:10 +0300
        Re: Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-16 04:24 +0300
      Re: Why 'files.py' does not print the filenames into a table format? Grant Edwards <invalid@invalid.invalid> - 2013-06-17 14:50 +0000
  Re: Why 'files.py' does not print the filenames into a table format? Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-06-15 22:29 +0100
    Re: Why 'files.py' does not print the filenames into a table format? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-06-16 00:10 +0000
      Re: Why 'files.py' does not print the filenames into a table format? alex23 <wuwei23@gmail.com> - 2013-06-16 17:04 -0700
        Re: Why 'files.py' does not print the filenames into a table format? Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-06-17 01:31 +0100
    Re: Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-16 04:03 +0300
      Re: Why 'files.py' does not print the filenames into a table format? Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-06-16 02:10 +0100
        Re: Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-16 04:28 +0300
  Re: Why 'files.py' does not print the filenames into a table format? Denis McMahon <denismfmcmahon@gmail.com> - 2013-06-16 07:23 +0000
    Re: Why 'files.py' does not print the filenames into a table format? Nick the Gr33k <support@superhost.gr> - 2013-06-16 11:35 +0300
      Re: Why 'files.py' does not print the filenames into a table format? Denis McMahon <denismfmcmahon@gmail.com> - 2013-06-16 08:55 +0000
      Re: Why 'files.py' does not print the filenames into a table format? Ferrous Cranus <support@superhost.gr> - 2013-06-16 16:59 +0300
  Re: Why 'files.py' does not print the filenames into a table format? jmfauth <wxjmfauth@gmail.com> - 2013-06-16 05:57 -0700

csiph-web