On Dec 21, 1:44 pm, SMALLp <[EMAIL PROTECTED]> wrote: > Carsten Haese wrote: > > On Fri, 2007-12-21 at 18:06 +0100, SMALLp wrote: > >>>> sql ="INSERT INTO "+dataTable+" (user_name, file_name, > >>>> file_size, > >>>> file_path_local, file_path_FTP, curent_location, FTP_valid_time, > >>>> uploaded, last_modified, last_verified, file_type, file_category) VLAUES > >>>> "+data > >>>> cursor.execute(sql) > > >> Thanks! I solved the problem. And I thing i understand now. > > > You may have solved your initial problem, but the above snippet raises > > two red flags: > > > 1) Why is the table name coming from a variable? This implies to me that > > you a working with a collection of tables with different names that all > > have the same column names. If that is the case, that smells of really > > bad database design. If at all possible, those tables should be merged > > into one table that has an additional column (or set of columns) for > > distinguishing which "fragment" each row is in. > > > 2) Sticking literal values into an SQL query string is a bad idea. You > > should learn about parametrized queries, e.g. here: > >http://informixdb.blogspot.com/2007/07/filling-in-blanks.html > > > Hope this helps, > > Good question. I'm using only one tale and have no idea why i had table > name from variable. But every new knowledge comes handy. > > One more question. How does my code looks like. I couldn't find any open > source program written in python to learn from, so i read some tutorials > and I'm not sure about how it looks.
You couldn't find any programs written in Python? What the!? Here's a few: http://cheeseshop.python.org/pypi/UliPad/3.6/ http://spambayes.sourceforge.net/ http://sourceforge.net/softwaremap/trove_list.php?form_cat=178 Mike -- http://mail.python.org/mailman/listinfo/python-list