Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!cs.uu.nl!news.stack.nl!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.008 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'charset:iso-8859-7': 0.04; 'yet.': 0.04; 'column': 0.07; 'says.': 0.09; 'to:addr:comp.lang.python': 0.09; 'cc:addr:python-list': 0.11; '"%s"': 0.16; 'attribute.': 0.16; 'hits': 0.16; 'subject:run': 0.16; 'top-level': 0.16; 'wrote:': 0.18; 'module': 0.19; 'thu,': 0.19; 'cc:addr:python.org': 0.22; 'print': 0.22; 'header:User- Agent:1': 0.23; 'error': 0.23; 'cc:2**0': 0.24; 'cc:no real name:2**0': 0.24; 'header:In-Reply-To:1': 0.27; 'chris': 0.29; 'asked': 0.31; 'code': 0.31; 'didnt': 0.31; 'supposed': 0.32; 'says': 0.33; 'received:209.85': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'executing': 0.36; 'received:209': 0.37; 'pm,': 0.38; 'skip:_ 30': 0.39; 'tell': 0.60; 'here': 0.66; 'mar': 0.68; 'yes': 0.68; 'webpage': 0.68; 'greece': 0.84; '\xcc\xe1\xf1\xf4\xdf\xef\xf5': 0.84; '2013': 0.98 X-Received: by 10.49.41.65 with SMTP id d1mr1607032qel.11.1364445045081; Wed, 27 Mar 2013 21:30:45 -0700 (PDT) Newsgroups: comp.lang.python Date: Wed, 27 Mar 2013 21:30:44 -0700 (PDT) In-Reply-To: Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=94.68.83.207; posting-account=DYJQ-woAAACEPH85Au2BhUVfFTfSfVa4 References: <2ac959c6-d169-452f-b622-83fe25fbd8da@googlegroups.com> <19fcf06e-8923-410c-9acd-abd4534c77bf@googlegroups.com> User-Agent: G2/1.0 X-Google-Web-Client: true X-Google-IP: 94.68.83.207 MIME-Version: 1.0 Subject: Re: Cannot run a single MySQLdb execute.... From: =?ISO-8859-7?B?zd/q7/Igw+rxMzPq?= To: comp.lang.python@googlegroups.com Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable Cc: python-list@python.org X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Message-ID: Lines: 50 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1364445053 news.xs4all.nl 6896 [2001:888:2000:d::a6]:50030 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:42093 =D4=E7 =D0=DD=EC=F0=F4=E7, 28 =CC=E1=F1=F4=DF=EF=F5 2013 6:26:48 =F0.=EC. U= TC+2, =EF =F7=F1=DE=F3=F4=E7=F2 Chris Angelico =DD=E3=F1=E1=F8=E5: > On Thu, Mar 28, 2013 at 3:18 PM, =CD=DF=EA=EF=F2 =C3=EA=F133=EA wrote: >=20 > > =D4=E7 =D0=DD=EC=F0=F4=E7, 28 =CC=E1=F1=F4=DF=EF=F5 2013 6:08:28 =F0.= =EC. UTC+2, =EF =F7=F1=DE=F3=F4=E7=F2 Chris Angelico =DD=E3=F1=E1=F8=E5: >=20 > > >=20 > >> As it says in that document, paramstyle is a top-level module >=20 > >> attribute. Try printing it out. See what it says. Then match your code >=20 > > >=20 > > sql =3D '''SELECT hits FROM counters WHERE url =3D %s''' % page >=20 > > print( sql ) >=20 > > cur.execute( sql ) >=20 > > >=20 > > Now the error says: >=20 > > >=20 > > _mysql_exceptions.OperationalError: (1054, "Unknown column 'index.html'= in 'where clause'") as you cna see at my webpage >=20 >=20 >=20 > http://www.facepalm.de/ >=20 >=20 >=20 > Do you understand SQL injection attacks and the concept of >=20 > parameterized queries? >=20 >=20 >=20 > ChrisA Yes i know i'am not supposed to use "%s" and i dotn want to but you asked m= e to print the sql statemnt before executing it. please its 6:30am here in greece and didnt had any sleep yet. please tell me whats wrong....