On Feb 28, 4:40 am, Temoto <[EMAIL PROTECTED]> wrote:
> Hello.
>
> There is a Django application, I need to place all its data into
> Access mdb file and send it to user.
> It seems to me that params filling for statement could be expressed in
> a more beautiful way.
> Since I'm very new to Python, I don't feel that, though.
>
> Could you tell your opinion on that snippet?
>
> <code>
> sql = """insert into salesmanager
>     (employeeid, name, officelocation, departmentname, salary)
>     values (?, ?, ?, ?, ?);"""
> params = []
> for manager in Manager.objects.all():
>     params.append( (manager.id, manager.name, manager.office,
>         manager.department, manager.salary) )
> curs.executemany(sql, params)
> </code>

It's my understanding that the way you insert arguments into queries
has to be done in a db-specific way. If done in that way, your queries
will be protected against SQL injection attacks, AND the query strings
will be constructed in a more efficient manner.

-- 
http://mail.python.org/mailman/listinfo/python-list
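
An added example, not part of the original thread, of the point made in the reply: the placeholder syntax comes from the driver's DB-API `paramstyle`, and values passed as parameters stay data, while values pasted into the SQL text get parsed as SQL. It assumes the standard-library `sqlite3` driver in place of the Access connection and a constructed `Manager` tuple in place of the Django model; `insert_sql`, `load_parameterized` and `load_string_built` are hypothetical helper names.

```python
import sqlite3
from collections import namedtuple

# Constructed stand-in for the Django Manager rows (sample data, not from the thread).
Manager = namedtuple("Manager", "id name office department salary")
MANAGERS = [
    Manager(1, "Ann Lee", "Berlin", "Sales", 5200.0),
    Manager(2, "Pat O'Brien", "Cork", "Sales", 4800.0),   # quote inside a value
    Manager(3, "x' || 'y", "Oslo", "Sales", 4100.0),      # value that looks like SQL
]
COLUMNS = ("employeeid", "name", "officelocation", "departmentname", "salary")

# Placeholder syntax per DB-API paramstyle (PEP 249); positional styles only.
MARKERS = {"qmark": lambda i: "?", "format": lambda i: "%s",
           "numeric": lambda i: ":%d" % (i + 1)}

def insert_sql(paramstyle):
    """Build the INSERT with the placeholder syntax the driver expects."""
    marks = ", ".join(MARKERS[paramstyle](i) for i in range(len(COLUMNS)))
    return "insert into salesmanager (%s) values (%s)" % (", ".join(COLUMNS), marks)

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table salesmanager (employeeid integer, name text, "
                 "officelocation text, departmentname text, salary real)")
    return conn

def stored_names(conn):
    query = "select name from salesmanager order by employeeid"
    return [row[0] for row in conn.execute(query)]

def load_parameterized(managers):
    """Values travel separately from the statement; a generator avoids the params list."""
    conn = new_db()
    rows = ((m.id, m.name, m.office, m.department, m.salary) for m in managers)
    conn.executemany(insert_sql(sqlite3.paramstyle), rows)
    return stored_names(conn)

def load_string_built(managers):
    """Anti-pattern kept for comparison: values formatted into the SQL text."""
    conn, errors = new_db(), 0
    for m in managers:
        try:
            conn.execute("insert into salesmanager values (%d, '%s', '%s', '%s', %f)"
                         % (m.id, m.name, m.office, m.department, m.salary))
        except sqlite3.Error:
            errors += 1  # O'Brien breaks the statement's quoting
    return stored_names(conn), errors
```

With the string-built variant one row is rejected and another is stored with a different name than the one supplied; the parameterized variant stores all three names verbatim.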