On Wed, Dec 20, 2006 at 09:22:59AM +0100, Fredrik Lundh wrote:
> Andrew Sackville-West wrote:
> 
> > I've also tried building tuples and lists and then using this
> > 
> > cursor.execute("insert into daily values (%s)", values)
> > 
> > with no luck. it appears to me that I have to put in all 132 '%s' in
> > order to make that work and that just seems stupid. 
> 
> on the other hand, hackers just *love* people who think they're too 
> clever to do things in a safe and robust way:
> 
>    http://en.wikipedia.org/wiki/SQL_injection

good point. when I go for world domination and put this thing on the
web, I'll watch for that ;-). seriously though, this is merely an
internal operation in my one man show where I can more easily access
historical sales data. 
> 
> using parameterized inserts also speeds things up for many databases, 
> since the database engine doesn't have to parse and analyze the sql 
> statement over and over and over again.
> 
> to quickly generate the parameter list, use string repeat to create the 
> parameter list:
> 
>    params = "(" + ",".join(["%s"]*len(values)) + ")"
>    cursor.execute("insert into daily values " + params, values)
> 

okay. this is great. thanks!

> you probably want to do some normalization work on your database too, 
> but that's another story.
> 

indeed. there is definitely some duplicated data, or rather derived
data (if that's the right term), but not a whole lot. I suppose I will
get to that sooner or later. first thing, for me, is to get the data
into something more useable than a bunch of flat files on another
machine on my lan. 

thanks a bunch for your pointers.

A
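
The placeholder-building approach from Fredrik's reply, as an added example that is not part of the original thread. It assumes Python's standard-library sqlite3 driver in place of the poster's database driver, so the marker is "?" rather than "%s"; the column names c0..c131, the helper names and the sample row are constructed for illustration.

```python
import sqlite3

NCOLS = 132  # column count mentioned in the thread


def placeholders(n, mark="?"):
    """Build "(?,?,...)" with n markers; pass mark="%s" for format-style drivers."""
    if n < 1:
        raise ValueError("need at least one value")
    return "(" + ",".join([mark] * n) + ")"


def make_db(ncols=NCOLS):
    """In-memory stand-in for the 'daily' table (hypothetical columns c0..cN)."""
    conn = sqlite3.connect(":memory:")
    cols = ", ".join("c%d TEXT" % i for i in range(ncols))
    conn.execute("create table daily (%s)" % cols)
    return conn


def insert_daily(conn, values):
    # Only the marker list is generated; the values travel separately
    # and are bound by the driver, never spliced into the SQL text.
    sql = "insert into daily values " + placeholders(len(values))
    conn.execute(sql, values)


def demo():
    conn = make_db()
    # Constructed sample value containing quote and statement characters.
    odd = "x'); drop table daily; --"
    row = [odd] + ["v%d" % i for i in range(1, NCOLS)]
    insert_daily(conn, row)
    stored = conn.execute("select c0 from daily").fetchone()[0]
    count = conn.execute("select count(*) from daily").fetchone()[0]
    # The value comes back byte-for-byte and the table still has one row.
    return stored, count


if __name__ == "__main__":
    print(demo())
```

A row with the wrong number of values is rejected by the database when the statement is prepared, so a column-count mismatch surfaces as an error instead of a partial insert.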

-- 
http://mail.python.org/mailman/listinfo/python-list
