Re: [Tutor] ODBC SQL Server Question
Hi, Thanks you guys for the replies and thanks Kent for the explanation, and yes, this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) using the comma did make it work. On Fri, Sep 18, 2009 at 3:40 PM, Jeff Johnson j...@dcsoftware.com wrote: Thanks for the clarification Kent! Kent Johnson wrote: On Fri, Sep 18, 2009 at 2:14 PM, Jeff Johnson j...@dcsoftware.com wrote: Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) No, that has the same result as your original. For example, In [3]: name = Kent'; drop table Stories;-- In [4]: SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, ) Out[4]: SELECT CUSTID FROM Stories WHERE NAME = 'Kent'; drop table Stories;--' Oops. Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) Yes, and it will correctly quote name according to the conventions of the database in use. (Note that not all DB-API implementations use ? as the placeholder; check the docs for the db you are using.) Kent -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com -- Cheers, Krissy --- Testing the waters is always fun... ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] ODBC SQL Server Question
Hi, Is anyone familiar with this error: dbi.internal-error: [Microsoft][SQL Server Driver]Invalid cursor state in EXEC This error is triggered by the first sql statement call in an accessor module which purpose is only to get data from a source module and feed it into a database: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I can't figure out what's causing it. I searched for the invalid cursor state error online but most of it occurs on the fetchall statement not the execute statement. Any ideas? Thanks! -- Cheers, Krissy --- Testing the waters is always fun... ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
Kristina: I would format it as follows: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % name) Kristina Ambert wrote: Hi, Is anyone familiar with this error: dbi.internal-error: [Microsoft][SQL Server Driver]Invalid cursor state in EXEC This error is triggered by the first sql statement call in an accessor module which purpose is only to get data from a source module and feed it into a database: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I can't figure out what's causing it. I searched for the invalid cursor state error online but most of it occurs on the fetchall statement not the execute statement. Any ideas? Thanks! -- Cheers, Krissy --- Testing the waters is always fun... -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
On Fri, Sep 18, 2009 at 11:49 AM, Jeff Johnson j...@dcsoftware.com wrote: Kristina: I would format it as follows: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % name) No, that is a recipe for SQL injection attacks such as this: http://xkcd.com/327/ self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I think that should have a comma to create a tuple: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name,)) I don't know if that could cause your problem. Kent ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) TIA Kent Johnson wrote: On Fri, Sep 18, 2009 at 11:49 AM, Jeff Johnson j...@dcsoftware.com wrote: Kristina: I would format it as follows: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % name) No, that is a recipe for SQL injection attacks such as this: http://xkcd.com/327/ self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I think that should have a comma to create a tuple: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name,)) I don't know if that could cause your problem. Kent -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
On Fri, Sep 18, 2009 at 2:14 PM, Jeff Johnson j...@dcsoftware.com wrote: Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) No, that has the same result as your original. For example, In [3]: name = Kent'; drop table Stories;-- In [4]: SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, ) Out[4]: SELECT CUSTID FROM Stories WHERE NAME = 'Kent'; drop table Stories;--' Oops. Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) Yes, and it will correctly quote name according to the conventions of the database in use. (Note that not all DB-API implementations use ? as the placeholder; check the docs for the db you are using.) Kent ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
Thanks for the clarification Kent! Kent Johnson wrote: On Fri, Sep 18, 2009 at 2:14 PM, Jeff Johnson j...@dcsoftware.com wrote: Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) No, that has the same result as your original. For example, In [3]: name = Kent'; drop table Stories;-- In [4]: SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, ) Out[4]: SELECT CUSTID FROM Stories WHERE NAME = 'Kent'; drop table Stories;--' Oops. Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) Yes, and it will correctly quote name according to the conventions of the database in use. (Note that not all DB-API implementations use ? as the placeholder; check the docs for the db you are using.) Kent -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] odbc connection with python
how can i make odbc connection language and i wanna make gui project after connecting database anyone has document ? -- Mustafa Akkoc ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] odbc connection with python
On 5/19/2009 5:47 AM mustafa akkoc said... how can i make odbc connection language and i wanna make gui project after connecting database anyone has document ? There's an odbc module in python. I'd start with the docs on that and then google 'python odbc example' for more info and examples. Emile ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] odbc connection with python
mustafa akkoc mustafa.c...@gmail.com wrote how can i make odbc connection language and i wanna make gui project after connecting database anyone has document ? There are lots of GUI options for python but if you want to do a database centred GUI and have no previous knowledge to leverage then dabo is probably your best bet. It includes a GUI builder and has strong links to databases. http://dabodev.com/ Caveat: I've only read the web pages, not used it! But it has had some good reviews on this list before. -- Alan Gauld Author of the Learn to Program web site http://www.alan-g.me.uk/ ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] odbc
Hi,
I have just run the test package within mxODBC.
I get the following result.
mx.ODBC Test Suite
Subpackage Name
[Windows]:
Available Datasources:
Excel Files -
Microsoft Excel Driver (*.xls)
MS Access Database -
Microsoft Access Driver (*.mdb)
Visual FoxPro Database - Microsoft Visual FoxPro Driver
Visual FoxPro Tables - Microsoft Visual FoxPro Driver
dBASE Files - Microsoft dBase Driver (*.dbf)
DriverConnect arguments
[DSN=test;UID=test;PWD=test]:
Clear AUTOCOMMIT ? (1/0) [1]
Run tests continuously to check for leaks
? (y/n) [n]
Use direct execution of SQL statements ?
(y/n) [n]
Run long benchmark ? (y/n) [n]
Show driver type information ? (y/n) [n]
Output file [stdout]:
Testing package mx.ODBC.Windows
version: 2.0.5
compiled with Unicode support
using Python version: 2.4
Test suite:
Connecting
to the database.
Traceback (most
recent call last):
File
C:\Python24\Lib\site-packages\mx\ODBC\Misc\test.py, line 2346, in ?
rc = main(packagename)
File
C:\Python24\Lib\site-packages\mx\ODBC\Misc\test.py, line 2278, in
main
connection
= apply(connectapi,connectargs)
OperationalError: ('IM002',
0, '[Microsoft][ODBC Driver Manager] Data source name
not found and no default driver specified', 6044)
It gives me the same error that I am experiencing when I run
my code. Does this mean that I have not
installed something that I need or have not installed something properly.
Thanks,
John.
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] odbc
Kent,
I am not sure what you mean. I am feeling about in the dark on this
subject.
Do you have an example? Among my visual foxpro database files I have a file
called tng.dbc. When I acces the database files through excel, I select the
tng.dbc before I can see the fields in the databases. Is this what I need
to log onto with python first before I access the database file?
Regards,
John.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Kent Johnson
Sent: 15 April 2006 15:40
Cc: tutor@python.org
Subject: Re: [Tutor] odbc
John CORRY wrote:
I have just run the test package within mxODBC. I get the following
result.
OperationalError: ('IM002', 0, '[Microsoft][ODBC Driver Manager] Data
source name not found and no default driver specified', 6044)
It gives me the same error that I am experiencing when I run my code.
Does this mean that I have not installed something that I need or have
not installed something properly.
Have you configured an ODBC data source for the database you are trying
to access? I don't remember how to do this but I know it was a necessary
step for accessing MS-Access databases from ODBC.
Kent
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
