Re: [Tutor] ODBC SQL Server Question
Hi, Thanks you guys for the replies and thanks Kent for the explanation, and yes, this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) using the comma did make it work. On Fri, Sep 18, 2009 at 3:40 PM, Jeff Johnson j...@dcsoftware.com wrote: Thanks for the clarification Kent! Kent Johnson wrote: On Fri, Sep 18, 2009 at 2:14 PM, Jeff Johnson j...@dcsoftware.com wrote: Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) No, that has the same result as your original. For example, In [3]: name = Kent'; drop table Stories;-- In [4]: SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, ) Out[4]: SELECT CUSTID FROM Stories WHERE NAME = 'Kent'; drop table Stories;--' Oops. Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) Yes, and it will correctly quote name according to the conventions of the database in use. (Note that not all DB-API implementations use ? as the placeholder; check the docs for the db you are using.) Kent -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com -- Cheers, Krissy --- Testing the waters is always fun... ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] ODBC SQL Server Question
Hi, Is anyone familiar with this error: dbi.internal-error: [Microsoft][SQL Server Driver]Invalid cursor state in EXEC This error is triggered by the first sql statement call in an accessor module which purpose is only to get data from a source module and feed it into a database: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I can't figure out what's causing it. I searched for the invalid cursor state error online but most of it occurs on the fetchall statement not the execute statement. Any ideas? Thanks! -- Cheers, Krissy --- Testing the waters is always fun... ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
Kristina: I would format it as follows: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % name) Kristina Ambert wrote: Hi, Is anyone familiar with this error: dbi.internal-error: [Microsoft][SQL Server Driver]Invalid cursor state in EXEC This error is triggered by the first sql statement call in an accessor module which purpose is only to get data from a source module and feed it into a database: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I can't figure out what's causing it. I searched for the invalid cursor state error online but most of it occurs on the fetchall statement not the execute statement. Any ideas? Thanks! -- Cheers, Krissy --- Testing the waters is always fun... -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
On Fri, Sep 18, 2009 at 11:49 AM, Jeff Johnson j...@dcsoftware.com wrote: Kristina: I would format it as follows: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % name) No, that is a recipe for SQL injection attacks such as this: http://xkcd.com/327/ self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I think that should have a comma to create a tuple: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name,)) I don't know if that could cause your problem. Kent ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) TIA Kent Johnson wrote: On Fri, Sep 18, 2009 at 11:49 AM, Jeff Johnson j...@dcsoftware.com wrote: Kristina: I would format it as follows: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % name) No, that is a recipe for SQL injection attacks such as this: http://xkcd.com/327/ self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name)) I think that should have a comma to create a tuple: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name,)) I don't know if that could cause your problem. Kent -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
On Fri, Sep 18, 2009 at 2:14 PM, Jeff Johnson j...@dcsoftware.com wrote: Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) No, that has the same result as your original. For example, In [3]: name = Kent'; drop table Stories;-- In [4]: SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, ) Out[4]: SELECT CUSTID FROM Stories WHERE NAME = 'Kent'; drop table Stories;--' Oops. Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) Yes, and it will correctly quote name according to the conventions of the database in use. (Note that not all DB-API implementations use ? as the placeholder; check the docs for the db you are using.) Kent ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] ODBC SQL Server Question
Thanks for the clarification Kent! Kent Johnson wrote: On Fri, Sep 18, 2009 at 2:14 PM, Jeff Johnson j...@dcsoftware.com wrote: Kent: How about this: self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, )) No, that has the same result as your original. For example, In [3]: name = Kent'; drop table Stories;-- In [4]: SELECT CUSTID FROM Stories WHERE NAME = '%s' % (name, ) Out[4]: SELECT CUSTID FROM Stories WHERE NAME = 'Kent'; drop table Stories;--' Oops. Question, does execute know to substitute the question mark with name? self.cursor.execute(SELECT CUSTID FROM Stories WHERE NAME= ?, (name, )) Yes, and it will correctly quote name according to the conventions of the database in use. (Note that not all DB-API implementations use ? as the placeholder; check the docs for the db you are using.) Kent -- Jeff Jeff Johnson j...@dcsoftware.com Phoenix Python User Group - sunpigg...@googlegroups.com ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] odbc connection with python
how can i make odbc connection language and i wanna make gui project after connecting database anyone has document ? -- Mustafa Akkoc ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] odbc connection with python
On 5/19/2009 5:47 AM mustafa akkoc said... how can i make odbc connection language and i wanna make gui project after connecting database anyone has document ? There's an odbc module in python. I'd start with the docs on that and then google 'python odbc example' for more info and examples. Emile ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] odbc connection with python
mustafa akkoc mustafa.c...@gmail.com wrote how can i make odbc connection language and i wanna make gui project after connecting database anyone has document ? There are lots of GUI options for python but if you want to do a database centred GUI and have no previous knowledge to leverage then dabo is probably your best bet. It includes a GUI builder and has strong links to databases. http://dabodev.com/ Caveat: I've only read the web pages, not used it! But it has had some good reviews on this list before. -- Alan Gauld Author of the Learn to Program web site http://www.alan-g.me.uk/ ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] odbc
Hi, I have just run the test package within mxODBC. I get the following result. mx.ODBC Test Suite Subpackage Name [Windows]: Available Datasources: Excel Files - Microsoft Excel Driver (*.xls) MS Access Database - Microsoft Access Driver (*.mdb) Visual FoxPro Database - Microsoft Visual FoxPro Driver Visual FoxPro Tables - Microsoft Visual FoxPro Driver dBASE Files - Microsoft dBase Driver (*.dbf) DriverConnect arguments [DSN=test;UID=test;PWD=test]: Clear AUTOCOMMIT ? (1/0) [1] Run tests continuously to check for leaks ? (y/n) [n] Use direct execution of SQL statements ? (y/n) [n] Run long benchmark ? (y/n) [n] Show driver type information ? (y/n) [n] Output file [stdout]: Testing package mx.ODBC.Windows version: 2.0.5 compiled with Unicode support using Python version: 2.4 Test suite: Connecting to the database. Traceback (most recent call last): File C:\Python24\Lib\site-packages\mx\ODBC\Misc\test.py, line 2346, in ? rc = main(packagename) File C:\Python24\Lib\site-packages\mx\ODBC\Misc\test.py, line 2278, in main connection = apply(connectapi,connectargs) OperationalError: ('IM002', 0, '[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified', 6044) It gives me the same error that I am experiencing when I run my code. Does this mean that I have not installed something that I need or have not installed something properly. Thanks, John. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] odbc
Kent, I am not sure what you mean. I am feeling about in the dark on this subject. Do you have an example? Among my visual foxpro database files I have a file called tng.dbc. When I acces the database files through excel, I select the tng.dbc before I can see the fields in the databases. Is this what I need to log onto with python first before I access the database file? Regards, John. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kent Johnson Sent: 15 April 2006 15:40 Cc: tutor@python.org Subject: Re: [Tutor] odbc John CORRY wrote: I have just run the test package within mxODBC. I get the following result. OperationalError: ('IM002', 0, '[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified', 6044) It gives me the same error that I am experiencing when I run my code. Does this mean that I have not installed something that I need or have not installed something properly. Have you configured an ODBC data source for the database you are trying to access? I don't remember how to do this but I know it was a necessary step for accessing MS-Access databases from ODBC. Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor