Hi guys,

my problem may be python only related but I dare posting here anyway.

I try to create databases on the fly according to some user input.
After searching on the net, I realized that I can't use the following
statement, as %s will be replaced by '%s'. And the "CREATE DATABASE" statement
forbids using quotes...


So I decided to use Python's sweet % concatenation to solve my problem (even
though this could lead me to SQL injection...)


Here is my model:



from django.db import connection, models


class myClass(models.Model):
    db_name = models.CharField('company name', unique=True, max_length=50)

    def createAssociatedDatabase(self):
        """
        Create the User Database
        """
        cursor = connection.cursor()
        # The name is interpolated with %, not passed as a query parameter:
        # a parameter would be quoted as a string literal, which
        # CREATE DATABASE rejects.
        cursor.execute("CREATE DATABASE %s" % self.db_name)



When I then use my method, I get the following error:

>>> c.createAssociatedDatabase()

Traceback (most recent call last):
  File "<console>", line 1, in <module>
  [...] admin/models.py", line 41, in createAssociatedDatabase
    cursor.execute("CREATE DATABASE user_%s" % (self.db_name))
  File "/var/lib/python-support/python2.6/django/db/backends/util.py", line
19, in execute
    return self.cursor.execute(sql, params)
  File "/var/lib/python-support/python2.6/django/db/backends/mysql/base.py",
line 83, in execute
    return self.cursor.execute(query, args)
  File "/var/lib/python-support/python2.6/MySQLdb/cursors.py", line 166, in
execute
    self.errorhandler(self, exc, value)
  File "/var/lib/python-support/python2.6/MySQLdb/connections.py", line 35,
in defaulterrorhandler
    raise errorclass, errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax to
use near ''test'' at line 1")


But ...


In a shell :
>>> c = myClass()
>>> c.db_name = "test"
>>> cursor.execute("CREATE DATABASE user_%s" % (c.db_name))
1L


Which is GOOD



This means that the quoting is done in my method and not when I call
execute myself...


Any idea?


Thank you very much!

-- 
sebastien requiem

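As an added example (not from the original post, and not Django's own API), this Python 3 helper shows the usual way to handle the identifier problem described above: since a database name cannot be sent as a query parameter, it allowlists the user-supplied name, prefixes it with `user_` as in the traceback, and quotes it with backticks (MySQL's identifier quoting) before calling `cursor.execute` with no parameters at all. `RecordingCursor` is a constructed stand-in for `connection.cursor()` so the example runs without a MySQL server.

```python
import re

# MySQL caps database names at 64 characters; the "user_" prefix counts.
MYSQL_MAX_IDENTIFIER_LEN = 64
DB_NAME_PREFIX = "user_"

# Allowlist: ASCII letters, digits and underscore only. Spaces, quotes,
# semicolons and backticks are rejected outright, never escaped.
_SAFE_IDENTIFIER = re.compile(r"^[A-Za-z0-9_]+$")


class InvalidDatabaseName(ValueError):
    """Raised when user input cannot be used as a database identifier."""


def is_valid_database_name(user_input):
    """True when the input is allowlisted and the prefixed name fits the
    64-character limit; anything else is refused rather than escaped."""
    return (isinstance(user_input, str)
            and _SAFE_IDENTIFIER.match(user_input) is not None
            and len(DB_NAME_PREFIX + user_input) <= MYSQL_MAX_IDENTIFIER_LEN)


def build_create_database_sql(user_input):
    """Return the CREATE DATABASE statement for a user-chosen name.
    The name cannot be a query parameter (the driver would quote it as a
    string literal, the ''test'' seen in the traceback), so it is validated
    and wrapped in backticks, MySQL's identifier quoting.
    """
    if not is_valid_database_name(user_input):
        raise InvalidDatabaseName("name must match [A-Za-z0-9_]+ and fit 64 chars")
    return "CREATE DATABASE `%s%s`" % (DB_NAME_PREFIX, user_input)


def create_user_database(cursor, user_input):
    """Run the validated statement on a DB-API cursor such as Django's
    connection.cursor(); returns the SQL that was sent."""
    sql = build_create_database_sql(user_input)
    cursor.execute(sql)  # no params: nothing left for the driver to quote
    return sql


class RecordingCursor:
    """Constructed stand-in for a real cursor so the example runs offline."""
    def __init__(self):
        self.executed = []

    def execute(self, sql, params=None):
        self.executed.append((sql, params))


if __name__ == "__main__":
    cur = RecordingCursor()
    print(create_user_database(cur, "test"))  # CREATE DATABASE `user_test`
    print(is_valid_database_name("te st"))  # False
```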