Re: [Tutor] What books do you recommend?
> My problem, though, is I still find it difficult to write meaningful code or > use the built in libraries > effectively and/or correctly because I can't find example code to mimic. I > tried sifting through > ActiveState recipes page, but most of the code seems uninteresting or useful > only if utilized > in a bigger project. What do you mean by "meaningful" code? I think that might be your issue. What I'd recommend is to figure out *what you want to accomplish*. Python is just a means to accomplish something, but what matters is the accomplishment. You may want to write a GUI desktop app for a specific purpose. You may want to create a web-based app. You may want to write code to process information, scrape web sites...create a game, create some kind of tool. Once you decide on that, you will be more focused on what you need to learn. If, for example, you need to have persistent storage of information, you then might want to read up on databases and perhaps SQLite in Python. Etc. Then you will find code that will be applicable to your concerns, and help you learn. I feel that learning something "in a vacuum", unrelated to some personal creative goal, just doesn't work well. Che I agree with Che. For me, picking a project then completing it is the best way for me to learn a language. That said this link is a great resource in my opinion... http://www.diveintopython.org/ The book there is fantastic and all the links on the right side of the page lead to other great resources. The only resource that I feel was left out was this one. I've learned a lot from this site too. http://www.uselesspython.com/ Good luck... -- Ronald Weidner ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Recursive user input collection problem
I didn't test this but shouldn't you have a line like this... return getinput(variable,prompt) -- Ronald Weidner -Original Message- From: tutor-bounces+rweidner=ea@python.org [mailto:tutor-bounces+rweidner=ea@python.org] On Behalf Of William Witteman Sent: Tuesday, October 13, 2009 4:22 PM To: tutor@python.org Subject: [Tutor] Recursive user input collection problem I need to collect a couple of integers from a user, but I want to make sure that I actually get integers. I tried this, but subsequent calls to the function don't update variable. I'm not sure this is terribly clear - here's the code: num_of_articles = 0 num_of_reviewers = 0 def getinput(variable,prompt): """ Get the input by prompting the user and collecting the response - if it is a non-integer, try again. """ variable = 0 variable = raw_input(prompt) try: int(variable) return variable except ValueError: print("We need an integer (number) here.") getinput(variable,prompt) num_of_articles = getinput(num_of_articles,"Enter number of articles: ") num_of_reviewers = getinput(num_of_reviewers,"Enter number of reviewers: ") print(num_of_articles) print(num_of_reviewers) This works fine if I put in good input, but not if I pass in a bad value. Can anyone show me where I have gone astray? Thanks. -- yours, William ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] [OT] Secure coding guidelines
In reference to this tip, my question is why? - don't use string formatting to create SQL statements - use the two-argument form of execute() to pass args as a sequence -- Ronald Weidner -Original Message- From: tutor-bounces+rweidner=ea@python.org [mailto:tutor-bounces+rweidner=ea@python.org] On Behalf Of Kent Johnson Sent: Saturday, October 10, 2009 8:52 PM To: Didar Hossain Cc: tutor@python.org Subject: Re: [Tutor] [OT] Secure coding guidelines On Sat, Oct 10, 2009 at 5:31 AM, Didar Hossain wrote: > Hi, > > This is a little off-topic, but, I though I might put this question in. > > Since I am learning Python, I was wondering if there are any good > references on secure > coding practices. Books, guides or even any howtos would suffice. I don't know any references, but a few tips: - don't use eval or exec on untrusted code - don't unpickle data from an untrusted source - don't use string formatting to create SQL statements - use the two-argument form of execute() to pass args as a sequence - AFAIK there is no generally accepted, secure sandbox for running untrusted Python code (other than Google App Engine I guess) so don't run untrusted code Kent ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Here's something to talk about
1. Python is not Java (see Philip Eby's blog entry http://dirtsimple.org/2004/12/python-is-not-java.html). Let go of your concepts that only Items can go into an ItemCollection - Python already has some perfectly good collection builtins. Instead of writing a custom ItemCollection, why not write a generic Exporter that takes any Python sequence (such as a list, set, tuple, etc., anything that supports iter)? 2. SQLExporter does not use recommended form for substituting values into an SQL statement. It is preferred that one use the 2-argument form of execute, in which the first argument contains '?' or '%s' placeholders, and the second argument is a tuple of values. That is, instead of: first, last = "Bobby", "Tables" cursor.execute("INSERT into STUDENT (firstname, lastname) values ('"+first+"','"+last+"')") Do: first, last = "Bobby", "Tables" cursor.execute("INSERT into STUDENT (firstname, lastname) values (?,?)", (first,last)) No need for wrapping in quotes, already handles values with embedded quotes, and no SQL injection jeopardy (http://xkcd.com/327/). This slightly complicates your SQL exporter, it would have to return a tuple containing the INSERT statement and the tuple of substitution values, instead of just a string to be passed to execute. 3. The Pythonic way to create a comma-separated string of values from a list of strings is: ','.join(value_list). If you have a list of tuples and want two comma-separated strings, do: keystring, valstring = (','.join(s) for s in zip(*key_value_tuple_list)) 4. While I am not a slave to PEP8, your mixed case method names with leading capitals look too much like class names and/or .Net method names. In general, I find your approach too intrusive into the objects you would like to export or load. I would prefer to see a Loader and/or Exporter class that takes my own application object, configured with table name and field names, and then creates the proper XML or SQL representation. -- Paul In the future, I'll try not to have a Java accent when speaking Python. ( No guarantee though :) ) That said, thanks for the syntax tips and Python preferred snips. One of your points represents a great opportunity to make mine. Suppose this code is several years old. Now we have a new requirement that states we need to work with the data as you described above. How much of the existing code would you have to change to make that change happen? The answer is exactly one line. And here is the line... exporter = SQLExporter("itemTable") And you would change the line to something like... exporter = SQLTupleExporter("itemTable") or perhaps... exporter = ExportItemToDatabase('127.0.0.1', 'user', 'pass', 'schema') Of course, you would need to define a class to go along with your change but all of that will be NEW code. Not a change to existing code. So, all of your existing code should still be valid and tested. The only thing you'll need to do validate and test your new code. There are no tentacles. Replacing exporter with a different kind of exporter does not invalidate anything you've done in your code before. Awesome. Maybe you need to do both? Maybe you need to export the old way, and export the new way. How difficult would that be with 2 export objects? In this case, you wouldn't need to change any lines of code, but rather you would add 2 more lines to the main logic and implement the needed class. It's really just a strategy for creating maintainable code. Maybe It's a good strategy, maybe it isn't. I guess it would depend on the project. I find the technique interesting and useful. -- Ronald Weidner ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Here's something to talk about
I must confess I do not really understand your intent (a) with the code itself (b) with the fact of publishing it Maybe I have read it too fast. What I saw is an implementation of strict object interface, in the sense strictly separating the inner and outer parts of an object. Sure, this is an aspect of OO. But AFAIK this is not very pythonic, not very common at least (and I personly do not feel attracted by this coding style -- rather I consider it a useless overload). For code security reasons? You may be interested in the concepts of the so-called "Object-capability model": http://en.wikipedia.org/wiki/Object_capability_model. -- It's ok not to be attracted to the code or the concept. It's not for everyone (or perhaps it's not for anyone). Thanks for the link. That was an interesting read. Let me confess my intentions. I enjoy programming and I also enjoy talking about programming, and sharing ideas. That's it. The problem that coding in this style tries to solve is change and evolution. During the evolution of software many things can change. Including the things we sometimes take for granted when we start a project. Like the input and output of the program. This example shows how cobbling a few objects together can produce some very different results with very little logic change. There are better more generic ways to solve these problems. Probably even more pythonic ways to solve them. I hope to discuss them in this thread. -- Ronald Weidner ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Here's something to talk about (Weidner, Ronald)
class Item ( object ): def __init__( self ): self._FullName = '' self._Recovery = 0 self._Exporter = SimpleItemExporter (); # Don't understand Bummer, I was hoping to consider myself at the tip of intermediate python programming ... This is the first time I have ever seen a variable set to what appears to be a function address(?). Since I am at work I can't copy paste this thing yet. Is SimpleItemExporter from the parent class, object? I am assuming Item extends or inherits (or whatever the right "word" is) from object. In the above code example, SimpleItemExporter is a class and Self._Exporter is an instance of that class. Yes, SimpleItemExporter does in fact inherit from object. Python lacks the 'new' keyword which may have made that line of code more clear but, in plain English this is what the line means... Create a new SimpleItemExporter and let me access it through the variable self._Exporter. By the way, I'm avoiding the notion of function address by implementing the concept of interfaces in these examples. Please Let us know if your questions about that line of code are answered. Once clear, we can move on to even more cool things in this code. There is a little more to the story relating to the whole self bit, but since I'm at work now too, I'll let someone else get into that for now. -- Ronald Weidner ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] Here's something to talk about
# This code is posted for the purpose of conversation. If it is of some # value to someone that would be great. But what I hope is that the code # sparks conversations about what I did in this code and why I did it. Since # the list seems thick with OOP questions at the moment, I thought this might # be relevant. Digest and enjoy. class Item ( object ): def __init__( self ): self._FullName = '' self._Recovery = 0 self._Exporter = SimpleItemExporter (); def SetFullName( self, name ): self._FullName = name def SetRecovery( self, value ): self._Recovery = value def SetExporter( self, exporter ): self._Exporter = exporter def Export( self ): properties = { 'FullName':self._FullName, 'Recovery':self._Recovery } self._Exporter.Export( properties ) class ItemCollection( object ): def __init__( self ): self._ItemList = [] self._CollectionIndex = -1 self._Loader = None def Add ( self, item ): self._ItemList.append(item) def MoveFirst ( self ): self._CollectionIndex = -1 def MoveNext ( self ): self._CollectionIndex += 1 if self._CollectionIndex < ( len ( self._ItemList ) ): return self._ItemList[ self._CollectionIndex ] return None def MoveTo ( self, index ): pass def GetLength ( self ): pass def SetCollectionLoader ( self, loader ): self._Loader = loader def Load ( self ): if self._Loader <> None: self._Loader.LoadCollection(self) class SimpleItemExporter ( object ): def __init__( self ): pass def Export ( self, dictionary ): print "The recovery status of " +str(dictionary['FullName'])+ " is: " + str(dictionary['Recovery']) class XMLExporter ( object ): def __init__ ( self, tag='XML' ): self.SetRootTag( tag ) def SetRootTag ( self, tag ): self._RootTag = tag; def Export ( self, dictionary ): xml = "" keys = dictionary.keys() for key in keys: xml = xml + "\n\t<" + key + ">" + str(dictionary[key]) + "" print "<" + self._RootTag + ">" + xml + "\n" class SQLExporter ( object ): def __init__ ( self, tableName): self._TableName = tableName def Export ( self, dictionary ): value = "" field = "" first = 1 keys = dictionary.keys() for key in keys: if first <> 1: field = field + ", " value = value + ", " field = field + " " + key value = value + "'" + str(dictionary[key]) + "'" first = 0 print "INSERT into " + self._TableName + " (" + field + ") values (" + value + ")" class ItemCollectionLoader ( object ): def LoadCollection(self, collection): for i in range ( 1, 5 ): item = Item() item.SetFullName( 'Ron The Dude' ) item.SetRecovery( i ) collection.Add( item ) more = 1 collection = ItemCollection() # here we create a loader obbject loader = ItemCollectionLoader() # this loader object could do other things instead of the contrived example # shown here. Such as the loader object could read from a file, or a network # resource, stdin, whatever. As long as it's LoadCollection interface doesn't # change the object could be many things. I've decided to illustrate this concept # later in the code with the exporter object. collection.SetCollectionLoader(loader) collection.Load() collection.MoveFirst while more <> None: item = collection.MoveNext () if item <> None: # What's important here to note is that the exporter may have different # constructors but, the Export method takes the same arguments in each # export class. In other words, it's interface is the same. So, we # can easily switch one exporter object for another. With a little more # code you could even export these items in more than one format (if needed). #exporter = SimpleItemExporter() #
Re: [Tutor] ideas on how to process a file
In my last e-mail I think I suggested making an Item object. This time I'll suggest an ItemCollection object. Now you can have an Add(self, item) that could validate. This could be some rather simple loop and test logic. -- Ronald Weidner From: tutor-bounces+rweidner=ea@python.org [mailto:tutor-bounces+rweidner=ea@python.org] On Behalf Of Spencer Parker Sent: Friday, April 10, 2009 1:00 PM To: Kent Johnson Cc: Alan Gauld; tutor@python.org Subject: Re: [Tutor] ideas on how to process a file The question is now...what do I do to find duplicate entries in the text file I am reading. I just want to filter them out. There are a ton of duplicate entries in there. On Fri, Apr 10, 2009 at 10:43 AM, Spencer Parker mailto:inthefri...@gmail.com>> wrote: Oh...nice...this makes things much easier than what I had before. I mainly used writelines because I couldn't figure out why it was only writing one line. Then I did and never took out the writelines...I just did and it works just fine for the most part. Thanks again for the help. On Fri, Apr 10, 2009 at 10:18 AM, Kent Johnson mailto:ken...@tds.net>> wrote: On Fri, Apr 10, 2009 at 12:04 PM, Spencer Parker mailto:inthefri...@gmail.com>> wrote: > > This is my code: > http://pastebin.com/m11053edf I guess you have something like this now: for line in text_file.readlines(): if line.find('FULLNAME')>=0: write_file.writelines(line) This can be better written as for line in text_file: # No need for readlines(), a file is iterable if 'FULLNAME' in line: write_file.write(line) # writelines() is for writing multiple lines at once Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] subprocess Popen
I have a long running py script that I'm trying to kick off from another long running py script as a separate process... If either script fails or terminates, I don't want the other script to be effected as a result. In other words I need a separate process not a new thread. In any case, this code I thought would work but it doesn't. someLongRunningScript= ( "%s/someLongRunningScript.py" % ( os.getcwd() ) ) someLongRunningScriptArgs= ( '--verbose --directory=%s --link=%s %s' % ( directory_name, link_name, span_option ) ) longCommand = ( '%s %s' % ( someLongRunningScript, someLongRunningScriptArgs) ) pid = subprocess.Popen ( ["/usr/bin/python", longCommand ] ).pid print ( "/usr/bin/python %s " % ( longCommand ) ) What's interesting is that if I copy the text printed in the 5th line, paste into my shell, then run it -- the process I'm trying to start works perfectly. The problem seems to have something to do with the way arguments are being passed to the python script named someLongRunningProcess.py. Help is greatly appreciated. -- Ron ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] subprocess Popen
I have a long running py script that I'm trying to kick off from another long running py script as a separate process... If either script fails or terminates, I don't want the other script to be effected as a result. In other words I need a separate process not a new thread. In any case, this code I thought would work but it doesn't. someLongRunningScript= ( "%s/someLongRunningScript.py" % ( os.getcwd() ) ) someLongRunningScriptArgs= ( '--verbose --directory=%s --link=%s %s' % ( directory_name, link_name, span_option ) ) longCommand = ( '%s %s' % ( someLongRunningScript, someLongRunningScriptArgs) ) pid = subprocess.Popen ( ["/usr/bin/python", longCommand ] ).pid print ( "/usr/bin/python %s " % ( longCommand ) ) What's interesting is that if I copy the text printed in the 5th line, paste into my shell, then run it -- the process I'm trying to start works perfectly. The problem seems to have something to do with the way arguments are being passed to the python script named someLongRunningProcess.py. Help is greatly appreciated. -- Ron ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor