Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #44960 > unrolled thread
| Started by | MRAB <python@mrabarnett.plus.com> |
|---|---|
| First post | 2013-05-08 20:07 +0100 |
| Last post | 2013-05-08 20:07 +0100 |
| Articles | 1 — 1 participant |
Back to article view | Back to comp.lang.python
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: MySQL Database MRAB <python@mrabarnett.plus.com> - 2013-05-08 20:07 +0100
| From | MRAB <python@mrabarnett.plus.com> |
|---|---|
| Date | 2013-05-08 20:07 +0100 |
| Subject | Re: MySQL Database |
| Message-ID | <mailman.1454.1368040063.3114.python-list@python.org> |
On 08/05/2013 19:52, Kevin Holleran wrote:
> Hello,
>
> I want to connect to a MySQL database, query for some records,
> manipulate some data, and then update the database.
>
> When I do something like this:
>
> db_c.execute("SELECT a, b FROM Users")
>
> for row in db_c.fetchall():
>
> (r,d) = row[0].split('|')
>
> (g,e) = domain.split('.')
>
> db_c.execute("UPDATE Users SET g = '"+ g + "' WHERE a ='"+ row[0])
>
>
> Will using db_c to update the database mess up the loop that is cycling
> through db_c.fetchall()?
>
You shouldn't be building an SQL string like that because it's
susceptible to SQL injection. You should be doing it more like this:
db_c.execute("UPDATE Users SET g = %s WHERE a = %s", (g, row[0]))
The values will then be handled safely for you.
Back to top | Article view | comp.lang.python
csiph-web