Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #44961 > unrolled thread

Re: MySQL Database

Started byKevin Holleran <kdawg44@gmail.com>
First post2013-05-08 15:31 -0400
Last post2013-05-08 15:31 -0400
Articles 1 — 1 participant

Back to article view | Back to comp.lang.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Re: MySQL Database Kevin Holleran <kdawg44@gmail.com> - 2013-05-08 15:31 -0400

#44961 — Re: MySQL Database

FromKevin Holleran <kdawg44@gmail.com>
Date2013-05-08 15:31 -0400
SubjectRe: MySQL Database
Message-ID<mailman.1455.1368041471.3114.python-list@python.org>

[Multipart message — attachments visible in raw view] — view raw

Thanks,  I actually intend to, was just whipping something up to be an
example for my question.



--
Kevin Holleran
Master of Science, Computer Information Systems
Grand Valley State University
Master of Business Administration
Western Michigan University
GCFA, GCFE, CCNA, ISA, MCSA, MCDST, MCP

"Do today what others won't, do tomorrow what others can't" - SEALFit

"We are what we repeatedly do. Excellence, then, is not an act, but a
habit." - Aristotle


On Wed, May 8, 2013 at 3:07 PM, MRAB <python@mrabarnett.plus.com> wrote:

> On 08/05/2013 19:52, Kevin Holleran wrote:
>
>> Hello,
>>
>> I want to connect to a MySQL database, query for some records,
>> manipulate some data, and then update the database.
>>
>> When I do something like this:
>>
>>      db_c.execute("SELECT a, b FROM Users")
>>
>> for row in db_c.fetchall():
>>
>>          (r,d) = row[0].split('|')
>>
>>          (g,e) = domain.split('.')
>>
>>          db_c.execute("UPDATE Users SET g = '"+ g + "' WHERE a ='"+
>> row[0])
>>
>>
>> Will using db_c to update the database mess up the loop that is cycling
>> through db_c.fetchall()?
>>
>>  You shouldn't be building an SQL string like that because it's
> susceptible to SQL injection. You should be doing it more like this:
>
> db_c.execute("UPDATE Users SET g = %s WHERE a = %s", (g, row[0]))
>
> The values will then be handled safely for you.
> --
> http://mail.python.org/**mailman/listinfo/python-list<http://mail.python.org/mailman/listinfo/python-list>
>

[toc] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web