Carsten Haese wrote: > On Fri, 2007-12-21 at 18:06 +0100, SMALLp wrote: >>>> sql ="INSERT INTO "+dataTable+" (user_name, file_name, >>>> file_size, >>>> file_path_local, file_path_FTP, curent_location, FTP_valid_time, >>>> uploaded, last_modified, last_verified, file_type, file_category) VLAUES >>>> "+data >>>> cursor.execute(sql) > >> Thanks! I solved the problem. And I thing i understand now. > > You may have solved your initial problem, but the above snippet raises > two red flags: > > 1) Why is the table name coming from a variable? This implies to me that > you a working with a collection of tables with different names that all > have the same column names. If that is the case, that smells of really > bad database design. If at all possible, those tables should be merged > into one table that has an additional column (or set of columns) for > distinguishing which "fragment" each row is in. > > 2) Sticking literal values into an SQL query string is a bad idea. You > should learn about parametrized queries, e.g. here: > http://informixdb.blogspot.com/2007/07/filling-in-blanks.html > > Hope this helps, > Good question. I'm using only one tale and have no idea why i had table name from variable. But every new knowledge comes handy.
One more question. How does my code looks like. I couldn't find any open source program written in python to learn from, so i read some tutorials and I'm not sure about how it looks. -- http://mail.python.org/mailman/listinfo/python-list
