Re: [Tutor] What books do you recommend?
> My problem, though, is I still find it difficult to write meaningful code or > use the built in libraries > effectively and/or correctly because I can't find example code to mimic. I > tried sifting through > ActiveState recipes page, but most of the code seems uninteresting or useful > only if utilized > in a bigger project. What do you mean by "meaningful" code? I think that might be your issue. What I'd recommend is to figure out *what you want to accomplish*. Python is just a means to accomplish something, but what matters is the accomplishment. You may want to write a GUI desktop app for a specific purpose. You may want to create a web-based app. You may want to write code to process information, scrape web sites...create a game, create some kind of tool. Once you decide on that, you will be more focused on what you need to learn. If, for example, you need to have persistent storage of information, you then might want to read up on databases and perhaps SQLite in Python. Etc. Then you will find code that will be applicable to your concerns, and help you learn. I feel that learning something "in a vacuum", unrelated to some personal creative goal, just doesn't work well. Che I agree with Che. For me, picking a project then completing it is the best way for me to learn a language. That said this link is a great resource in my opinion... http://www.diveintopython.org/ The book there is fantastic and all the links on the right side of the page lead to other great resources. The only resource that I feel was left out was this one. I've learned a lot from this site too. http://www.uselesspython.com/ Good luck... -- Ronald Weidner ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Recursive user input collection problem
I didn't test this but shouldn't you have a line like this...
return getinput(variable,prompt)
--
Ronald Weidner
-Original Message-
From: tutor-bounces+rweidner=ea@python.org
[mailto:tutor-bounces+rweidner=ea@python.org] On Behalf Of William Witteman
Sent: Tuesday, October 13, 2009 4:22 PM
To: tutor@python.org
Subject: [Tutor] Recursive user input collection problem
I need to collect a couple of integers from a user, but I want to make
sure that I actually get integers. I tried this, but subsequent calls
to the function don't update variable. I'm not sure this is terribly
clear - here's the code:
num_of_articles = 0
num_of_reviewers = 0
def getinput(variable,prompt):
"""
Get the input by prompting the user and collecting the response - if it is
a non-integer, try again.
"""
variable = 0
variable = raw_input(prompt)
try:
int(variable)
return variable
except ValueError:
print("We need an integer (number) here.")
getinput(variable,prompt)
num_of_articles = getinput(num_of_articles,"Enter number of articles: ")
num_of_reviewers = getinput(num_of_reviewers,"Enter number of reviewers: ")
print(num_of_articles)
print(num_of_reviewers)
This works fine if I put in good input, but not if I pass in a bad
value. Can anyone show me where I have gone astray? Thanks.
--
yours,
William
___
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
___
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] [OT] Secure coding guidelines
In reference to this tip, my question is why? - don't use string formatting to create SQL statements - use the two-argument form of execute() to pass args as a sequence -- Ronald Weidner -Original Message- From: tutor-bounces+rweidner=ea@python.org [mailto:tutor-bounces+rweidner=ea@python.org] On Behalf Of Kent Johnson Sent: Saturday, October 10, 2009 8:52 PM To: Didar Hossain Cc: tutor@python.org Subject: Re: [Tutor] [OT] Secure coding guidelines On Sat, Oct 10, 2009 at 5:31 AM, Didar Hossain wrote: > Hi, > > This is a little off-topic, but, I though I might put this question in. > > Since I am learning Python, I was wondering if there are any good > references on secure > coding practices. Books, guides or even any howtos would suffice. I don't know any references, but a few tips: - don't use eval or exec on untrusted code - don't unpickle data from an untrusted source - don't use string formatting to create SQL statements - use the two-argument form of execute() to pass args as a sequence - AFAIK there is no generally accepted, secure sandbox for running untrusted Python code (other than Google App Engine I guess) so don't run untrusted code Kent ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Here's something to talk about
1. Python is not Java (see Philip Eby's blog entry
http://dirtsimple.org/2004/12/python-is-not-java.html). Let go of your
concepts that only Items can go into an ItemCollection - Python already has
some perfectly good collection builtins. Instead of writing a custom
ItemCollection, why not write a generic Exporter that takes any Python
sequence (such as a list, set, tuple, etc., anything that supports iter)?
2. SQLExporter does not use recommended form for substituting values into an
SQL statement. It is preferred that one use the 2-argument form of execute,
in which the first argument contains '?' or '%s' placeholders, and the
second argument is a tuple of values. That is, instead of:
first, last = "Bobby", "Tables"
cursor.execute("INSERT into STUDENT (firstname, lastname) values
('"+first+"','"+last+"')")
Do:
first, last = "Bobby", "Tables"
cursor.execute("INSERT into STUDENT (firstname, lastname) values (?,?)",
(first,last))
No need for wrapping in quotes, already handles values with embedded quotes,
and no SQL injection jeopardy (http://xkcd.com/327/). This slightly
complicates your SQL exporter, it would have to return a tuple containing
the INSERT statement and the tuple of substitution values, instead of just a
string to be passed to execute.
3. The Pythonic way to create a comma-separated string of values from a list
of strings is: ','.join(value_list). If you have a list of tuples and want
two comma-separated strings, do: keystring, valstring = (','.join(s) for s
in zip(*key_value_tuple_list))
4. While I am not a slave to PEP8, your mixed case method names with leading
capitals look too much like class names and/or .Net method names.
In general, I find your approach too intrusive into the objects you would
like to export or load. I would prefer to see a Loader and/or Exporter
class that takes my own application object, configured with table name and
field names, and then creates the proper XML or SQL representation.
-- Paul
In the future, I'll try not to have a Java accent when speaking Python.
( No guarantee though :) ) That said, thanks for the syntax tips and
Python preferred snips.
One of your points represents a great opportunity to make mine. Suppose
this code is several years old. Now we have a new requirement that
states we need to work with the data as you described above. How
much of the existing code would you have to change to make that change
happen? The answer is exactly one line. And here is the line...
exporter = SQLExporter("itemTable")
And you would change the line to something like...
exporter = SQLTupleExporter("itemTable")
or perhaps...
exporter = ExportItemToDatabase('127.0.0.1', 'user', 'pass', 'schema')
Of course, you would need to define a class to go along with your change
but all of that will be NEW code. Not a change to existing code. So,
all of your existing code should still be valid and tested. The only
thing you'll need to do validate and test your new code.
There are no tentacles. Replacing exporter with a different kind of
exporter does not invalidate anything you've done in your code before.
Awesome.
Maybe you need to do both? Maybe you need to export the old way, and
export the new way. How difficult would that be with 2 export
objects? In this case, you wouldn't need to change any lines of code,
but rather you would add 2 more lines to the main logic and
implement the needed class.
It's really just a strategy for creating maintainable code. Maybe
It's a good strategy, maybe it isn't. I guess it would depend on
the project. I find the technique interesting and useful.
--
Ronald Weidner
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Here's something to talk about
I must confess I do not really understand your intent (a) with the code itself (b) with the fact of publishing it Maybe I have read it too fast. What I saw is an implementation of strict object interface, in the sense strictly separating the inner and outer parts of an object. Sure, this is an aspect of OO. But AFAIK this is not very pythonic, not very common at least (and I personly do not feel attracted by this coding style -- rather I consider it a useless overload). For code security reasons? You may be interested in the concepts of the so-called "Object-capability model": http://en.wikipedia.org/wiki/Object_capability_model. -- It's ok not to be attracted to the code or the concept. It's not for everyone (or perhaps it's not for anyone). Thanks for the link. That was an interesting read. Let me confess my intentions. I enjoy programming and I also enjoy talking about programming, and sharing ideas. That's it. The problem that coding in this style tries to solve is change and evolution. During the evolution of software many things can change. Including the things we sometimes take for granted when we start a project. Like the input and output of the program. This example shows how cobbling a few objects together can produce some very different results with very little logic change. There are better more generic ways to solve these problems. Probably even more pythonic ways to solve them. I hope to discuss them in this thread. -- Ronald Weidner ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Here's something to talk about (Weidner, Ronald)
class Item ( object ): def __init__( self ): self._FullName = '' self._Recovery = 0 self._Exporter = SimpleItemExporter (); #
[Tutor] Here's something to talk about
# This code is posted for the purpose of conversation. If it is of some
# value to someone that would be great. But what I hope is that the code
# sparks conversations about what I did in this code and why I did it. Since
# the list seems thick with OOP questions at the moment, I thought this might
# be relevant. Digest and enjoy.
class Item ( object ):
def __init__( self ):
self._FullName = ''
self._Recovery = 0
self._Exporter = SimpleItemExporter ();
def SetFullName( self, name ):
self._FullName = name
def SetRecovery( self, value ):
self._Recovery = value
def SetExporter( self, exporter ):
self._Exporter = exporter
def Export( self ):
properties = { 'FullName':self._FullName,
'Recovery':self._Recovery }
self._Exporter.Export( properties )
class ItemCollection( object ):
def __init__( self ):
self._ItemList = []
self._CollectionIndex = -1
self._Loader = None
def Add ( self, item ):
self._ItemList.append(item)
def MoveFirst ( self ):
self._CollectionIndex = -1
def MoveNext ( self ):
self._CollectionIndex += 1
if self._CollectionIndex < ( len ( self._ItemList ) ):
return self._ItemList[ self._CollectionIndex ]
return None
def MoveTo ( self, index ):
pass
def GetLength ( self ):
pass
def SetCollectionLoader ( self, loader ):
self._Loader = loader
def Load ( self ):
if self._Loader <> None:
self._Loader.LoadCollection(self)
class SimpleItemExporter ( object ):
def __init__( self ):
pass
def Export ( self, dictionary ):
print "The recovery status of " +str(dictionary['FullName'])+ "
is: " + str(dictionary['Recovery'])
class XMLExporter ( object ):
def __init__ ( self, tag='XML' ):
self.SetRootTag( tag )
def SetRootTag ( self, tag ):
self._RootTag = tag;
def Export ( self, dictionary ):
xml = ""
keys = dictionary.keys()
for key in keys:
xml = xml + "\n\t<" + key + ">" + str(dictionary[key])
+ ""
print "<" + self._RootTag + ">" + xml + "\n"
class SQLExporter ( object ):
def __init__ ( self, tableName):
self._TableName = tableName
def Export ( self, dictionary ):
value = ""
field = ""
first = 1
keys = dictionary.keys()
for key in keys:
if first <> 1:
field = field + ", "
value = value + ", "
field = field + " " + key
value = value + "'" + str(dictionary[key]) + "'"
first = 0
print "INSERT into " + self._TableName + " (" + field + ")
values (" + value + ")"
class ItemCollectionLoader ( object ):
def LoadCollection(self, collection):
for i in range ( 1, 5 ):
item = Item()
item.SetFullName( 'Ron The Dude' )
item.SetRecovery( i )
collection.Add( item )
more = 1
collection = ItemCollection()
# here we create a loader obbject
loader = ItemCollectionLoader()
# this loader object could do other things instead of the contrived example
# shown here. Such as the loader object could read from a file, or a network
# resource, stdin, whatever. As long as it's LoadCollection interface doesn't
# change the object could be many things. I've decided to illustrate this
concept
# later in the code with the exporter object.
collection.SetCollectionLoader(loader)
collection.Load()
collection.MoveFirst
while more <> None:
item = collection.MoveNext ()
if item <> None:
# What's important here to note is that the exporter may have
different
# constructors but, the Export method takes the same arguments
in each
# export class. In other words, it's interface is the same.
So, we
# can easily switch one exporter object for another. With a
little more
# code you could even export these items in more than one
format (if needed).
#exporter = SimpleItemExporter()
#
Re: [Tutor] ideas on how to process a file
In my last e-mail I think I suggested making an Item object. This time I'll
suggest an ItemCollection object. Now you can have an Add(self, item) that
could validate. This could be some rather simple loop and test logic.
--
Ronald Weidner
From: tutor-bounces+rweidner=ea@python.org
[mailto:tutor-bounces+rweidner=ea@python.org] On Behalf Of Spencer Parker
Sent: Friday, April 10, 2009 1:00 PM
To: Kent Johnson
Cc: Alan Gauld; tutor@python.org
Subject: Re: [Tutor] ideas on how to process a file
The question is now...what do I do to find duplicate entries in the text file I
am reading. I just want to filter them out. There are a ton of duplicate
entries in there.
On Fri, Apr 10, 2009 at 10:43 AM, Spencer Parker
mailto:inthefri...@gmail.com>> wrote:
Oh...nice...this makes things much easier than what I had before.
I mainly used writelines because I couldn't figure out why it was only writing
one line. Then I did and never took out the writelines...I just did and it
works just fine for the most part.
Thanks again for the help.
On Fri, Apr 10, 2009 at 10:18 AM, Kent Johnson
mailto:ken...@tds.net>> wrote:
On Fri, Apr 10, 2009 at 12:04 PM, Spencer Parker
mailto:inthefri...@gmail.com>> wrote:
>
> This is my code:
> http://pastebin.com/m11053edf
I guess you have something like this now:
for line in text_file.readlines():
if line.find('FULLNAME')>=0:
write_file.writelines(line)
This can be better written as
for line in text_file: # No need for readlines(), a file is iterable
if 'FULLNAME' in line:
write_file.write(line) # writelines() is for writing multiple lines at once
Kent
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
[Tutor] subprocess Popen
I have a long running py script that I'm trying to kick off from another long running py script as a separate process... If either script fails or terminates, I don't want the other script to be effected as a result. In other words I need a separate process not a new thread. In any case, this code I thought would work but it doesn't. someLongRunningScript= ( "%s/someLongRunningScript.py" % ( os.getcwd() ) ) someLongRunningScriptArgs= ( '--verbose --directory=%s --link=%s %s' % ( directory_name, link_name, span_option ) ) longCommand = ( '%s %s' % ( someLongRunningScript, someLongRunningScriptArgs) ) pid = subprocess.Popen ( ["/usr/bin/python", longCommand ] ).pid print ( "/usr/bin/python %s " % ( longCommand ) ) What's interesting is that if I copy the text printed in the 5th line, paste into my shell, then run it -- the process I'm trying to start works perfectly. The problem seems to have something to do with the way arguments are being passed to the python script named someLongRunningProcess.py. Help is greatly appreciated. -- Ron ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] subprocess Popen
I have a long running py script that I'm trying to kick off from another long running py script as a separate process... If either script fails or terminates, I don't want the other script to be effected as a result. In other words I need a separate process not a new thread. In any case, this code I thought would work but it doesn't. someLongRunningScript= ( "%s/someLongRunningScript.py" % ( os.getcwd() ) ) someLongRunningScriptArgs= ( '--verbose --directory=%s --link=%s %s' % ( directory_name, link_name, span_option ) ) longCommand = ( '%s %s' % ( someLongRunningScript, someLongRunningScriptArgs) ) pid = subprocess.Popen ( ["/usr/bin/python", longCommand ] ).pid print ( "/usr/bin/python %s " % ( longCommand ) ) What's interesting is that if I copy the text printed in the 5th line, paste into my shell, then run it -- the process I'm trying to start works perfectly. The problem seems to have something to do with the way arguments are being passed to the python script named someLongRunningProcess.py. Help is greatly appreciated. -- Ron ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
