Path: csiph.com!usenet.pasdenom.info!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; '(at': 0.04; '-----------': 0.05; 'argument': 0.05; 'schema': 0.05; 'string': 0.09; 'filename': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'template.': 0.09; 'python': 0.11; '%s,': 0.16; '(host,': 0.16; '>in': 0.16; 'adapter': 0.16; 'filename)': 0.16; 'hits': 0.16; 'least)': 0.16; 'message-id:@4ax.com': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'selects': 0.16; 'subject:failed': 0.16; 'wrote:': 0.18; 'variable': 0.18; 'trying': 0.19; 'items.': 0.19; 'properly': 0.19; '(the': 0.22; 'exists': 0.24; 'url:home': 0.24; "i've": 0.25; 'handling': 0.26; 'query': 0.26; 'pass': 0.26; 'header:X -Complaints-To:1': 0.27; 'host': 0.29; 'correct': 0.29; 'statement': 0.30; 'along': 0.30; "i'm": 0.30; 'quotes': 0.31; 'file': 0.32; 'subject:time': 0.33; 'charset:us-ascii': 0.36; 'responsible': 0.36; 'being': 0.38; 'received:76': 0.38; 'form,': 0.38; 'to:addr:python-list': 0.38; 'files': 0.38; 'rather': 0.38; 'sure': 0.39; 'to:addr:python.org': 0.39; 'received:org': 0.40; 'by:': 0.65; 'results': 0.69; 'special': 0.74; 'article': 0.77; '2013': 0.98 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Dennis Lee Bieber Subject: Re: Updating a filename's counter value failed each time Date: Mon, 17 Jun 2013 19:30:46 -0400 Organization: IISS Elusive Unicorn References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: adsl-76-249-16-192.dsl.klmzmi.sbcglobal.net X-Newsreader: Forte Agent 6.00/32.1186 X-No-Archive: YES X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 38 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1371511858 news.xs4all.nl 15864 [2001:888:2000:d::a6]:37927 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:48578 On 17 Jun 2013 17:54:33 GMT, jt@toerring.de (Jens Thoms Toerring) declaimed the following: >In article you wrote: >> After a user selects a file from the form, that sleection of his can be >> found form reading the variable 'filename' > >> If the filename already exists in to the database i want to update its >> counter and that is what i'm trying to accomplish by: > >> ----------- >> if form.getvalue('filename'): >> cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit = >> %s WHERE url = %s''', (host, lastvisit, filename) ) > >There are (single) quotes missing around (at least) the file >name (the 'url' column) which I'm rather sure is a string - >you need them around all strings you use in SQL statements. > No he doesn't... The db-api adapter is responsible for properly handling parameterized queries. In the case of MySQLdb -- IT will wrap each argument with quotes, along with escaping any special characters. This is also why one can NOT pass schema entities (table/field names) to a parameterized query -- the adapter "safes" them which results in them no longer being valid schema items. NONE of the db-api adapters I've used require one to put quotes into the query template. Your statement would be correct IF one were using Python string interpolation to fill in the query. -- Wulfraed Dennis Lee Bieber AF6VN wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/