On 18/6/2013 4:42 AM, Dennis Lee Bieber wrote:
Do you ever COMMIT the changes.
cur.execute("update anything set something = whatever where that = this")
without doing a con.commit() is just going to rollback the changes.
committing the changes isn't necessary neither i
On 18/6/2013 2:30 AM, Dennis Lee Bieber wrote:
In the case of MySQLdb -- IT will wrap each argument with quotes, along
with escaping any special characters.
Even if the query is something like:
http://superhost.gr/cgi-bin/files.py?filename="Select.";
From what exactly the
Finally i made it!! Here it is:
# Have 1:1 mapping of files <-> database records, delete spurious
On Mon, 17 Jun 2013 19:39:16 +0300, Simpleton wrote:
> Hello again, something simple this time:
Have you read these links yet?
http://sscce.org/
http://www.catb.org/esr/faqs/smart-questions.html
Especially the first one. Until you read it, and follow its advice, I
will not answer your ques
On 18/6/2013 1:22 AM, MRAB wrote:
On 17/06/2013 21:44, John Gordon wrote:
In Alister
writes:
> #update file's counter if cookie does not exist
> cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit =
> %s WHERE url = %s''', (host, lastvisit, filename) )
>
> if cur.row
On 17/06/2013 21:44, John Gordon wrote:
In Alister writes:
> #update file's counter if cookie does not exist
> cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit =
> %s WHERE url = %s''', (host, lastvisit, filename) )
>
> if cur.rowcount:
>print( " database has
In Alister writes:
> > #update file's counter if cookie does not exist
> > cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit =
> > %s WHERE url = %s''', (host, lastvisit, filename) )
> >
> > if cur.rowcount:
> > print( " database has been affected" )
> >
> > ind
On Mon, 17 Jun 2013 20:26:57 +, Alister wrote:
> On Mon, 17 Jun 2013 22:30:57 +0300, Νίκος wrote:
>
>> On 17/6/2013 10:05 PM, Alister wrote:
>>> You are correct Nicos, passing the values as a parameter list does
>>> protect you from SQL injection JT has made an error.
>>
>> Even if the query
On Mon, 17 Jun 2013 20:44:03 +, John Gordon wrote:
> In Alister
> writes:
>
>> > #update file's counter if cookie does not exist
>> > cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit =
>> > %s WHERE url = %s''', (host, lastvisit, filename) )
>> >
>> > if cur.rowcount:
On Mon, 17 Jun 2013 22:28:47 +0300, Νίκος wrote:
> On 17/6/2013 10:19 PM, John Gordon wrote:
>> Print the cur.rowcount attribute, which contains the number of rows
>> that were affected by the update. If it's zero, that should tell you
>> something.
>
>
> #update file's counter if cookie does n
On Mon, 17 Jun 2013 19:16:02 +, Jens Thoms Toerring wrote:
> MRAB wrote:
>> On 17/06/2013 19:32, Jens Thoms Toerring wrote:
>> > As I wrote you need *single* quotes around strings in SQL statements.
>> > Double quotes won't do - this is SQL and not Python so you're dealing
>> > with a differe
On Mon, 17 Jun 2013 22:30:57 +0300, Νίκος wrote:
> On 17/6/2013 10:05 PM, Alister wrote:
>> You are correct Nicos, passing the values as a parameter list does
>> protect you from SQL injection JT has made an error.
>
> Even if the query is something like:
>
> http://superhost.gr/cgi-bin/files.py
On 17/6/2013 10:05 PM, Alister wrote:
You are correct Nicos, passing the values as a parameter list does
protect you from SQL injection JT has made an error.
Even if the query is something like:
http://superhost.gr/cgi-bin/files.py?filename="Select.";
From what exactly the comma protects
On 17/6/2013 10:19 PM, John Gordon wrote:
Print the cur.rowcount attribute, which contains the number of rows that
were affected by the update. If it's zero, that should tell you something.
#update file's counter if cookie does not exist
cur.execute('''UPDATE files SET hits = hits + 1, host =
In Simpleton writes:
> if form.getvalue('filename'):
> cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit =
> %s WHERE url = %s''', (host, lastvisit, filename) )
Add an 'else' statement above that prints something, so you will at least
know if the UPDATE statement is e
MRAB wrote:
> On 17/06/2013 19:32, Jens Thoms Toerring wrote:
> > As I wrote you need *single* quotes around strings in
> > SQL statements. Double quotes won't do - this is SQL
> > and not Python so you're dealing with a different language
> > and thus different rules apply. The triple single
>
On Mon, 17 Jun 2013 21:06:16 +0300, Νίκος wrote:
>
> But the comma inside the execute statement doesn't protect me from such
> actions opposed when i was using a substitute operator?
You are correct Nicos, passing the values as a parameter list does
protect you from SQL injection JT has made an
On 17/06/2013 19:32, Jens Thoms Toerring wrote:
Νίκος wrote:
On 17/6/2013 8:54 PM, Jens Thoms Toerring wrote:
> Also take care to check the filename you insert - a malicious
> user might cobble together a file name that is actually a SQL
> statement and then do nasty things to your database. I.e
Νίκος wrote:
> On 17/6/2013 8:54 PM, Jens Thoms Toerring wrote:
> > Also take care to check the filename you insert - a malicious
> > user might cobble together a file name that is actually a SQL
> > statement and then do nasty things to your database. I.e. never
> > insert values you received from
On 17/6/2013 8:54 PM, Jens Thoms Toerring wrote:
Also take care to check the filename you insert - a malicious
user might cobble together a file name that is actually a SQL
statement and then do nasty things to your database. I.e. never
insert values you received from a user without checking them.
In article you wrote:
> After a user selects a file from the form, that selection of his can be
> found from reading the variable 'filename'
> If the filename already exists in to the database i want to update its
> counter and that is what i'm trying to accomplish by:
> ---
> if form.
On 17/6/2013 8:40 PM, MRAB wrote:
On 17/06/2013 17:39, Simpleton wrote:
Hello again, something simple this time:
After a user selects a file from the form, that selection of his can be
found from reading the variable 'filename'
If the filename already exists in to the database i want to update
In Simpleton writes:
> Hello again, something simple this time:
> After a user selects a file from the form, that selection of his can be
> found from reading the variable 'filename'
> If the filename already exists in to the database i want to update its
> counter and that is what i'm tryin
On 17/06/2013 17:39, Simpleton wrote:
Hello again, something simple this time:
After a user selects a file from the form, that selection of his can be
found from reading the variable 'filename'
If the filename already exists in to the database i want to update its
counter and that is what i'm t
Hello again, something simple this time:
After a user selects a file from the form, that selection of his can be
found from reading the variable 'filename'
If the filename already exists in to the database i want to update its
counter and that is what i'm trying to accomplish by:
--
25 matches