On 28 Feb, 15:42, Paul McGuire <[EMAIL PROTECTED]> wrote:
> On Feb 28, 5:40 am, Temoto <[EMAIL PROTECTED]> wrote:
>
> > Hello.
> >
> > There is a Django application, I need to place all its data into
> > Access mdb file and send it to user.
> > It seems to me that params filling for statement could be expressed in
> > a more beautiful way.
> > Since I'm very new to Python, I don't feel that, though.
> >
> > Could you tell your opinion on that snippet?
> >
> > <code>
> > sql = """insert into salesmanager
> >     (employeeid, name, officelocation, departmentname, salary)
> >     values (?, ?, ?, ?, ?);"""
> > params = []
> > for manager in Manager.objects.all():
> >     params.append( (manager.id, manager.name, manager.office,
> >                     manager.department, manager.salary) )
> > curs.executemany(sql, params)
> > </code>
>
> Replace:
> params = []
> for manager in Manager.objects.all():
>     params.append( (manager.id, manager.name,
>                     manager.office, manager.department,
>                     manager.salary) )
>
> With this list comprehension:
>
> params = [ (mgr.id, mgr.name, mgr.office,
>             mgr.department, mgr.salary)
>            for mgr in Manager.objects.all() ]
>
> But the technique you are using, of creating a params list instead of
> doing explicit string construction, IS the safe SQL-injection-resistant
> way to do this.
>
> -- Paul
Thanks a lot. I've been actually waiting for a list comprehension.
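
The difference Paul describes between a params list and explicit string construction, as an added example that is not part of the original thread. It assumes Python's built-in `sqlite3` (which uses the same `?` placeholders) in place of the Access cursor and a namedtuple in place of the Django `Manager` model; the sample rows and the helper names are constructed.

```python
import sqlite3
from collections import namedtuple

# Constructed stand-in for the Django Manager rows (not data from the thread).
Manager = namedtuple("Manager", "id name office department salary")
MANAGERS = [
    Manager(1, "Alice Smith", "Berlin", "Sales", 52000),
    Manager(2, "Pat O'Brien", "Dublin", "Sales", 48000),  # ordinary apostrophe
    # Constructed value that contains SQL syntax instead of a plain name.
    Manager(3, "x', 'HQ', 'Board', 999999) --", "Oslo", "Support", 30000),
]
SCHEMA = """create table salesmanager (employeeid integer, name text,
    officelocation text, departmentname text, salary integer)"""
SELECT = "select * from salesmanager order by employeeid"

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def load_with_params(managers):
    """The thread's approach: values travel separately from the SQL text."""
    conn = new_db()
    sql = """insert into salesmanager
        (employeeid, name, officelocation, departmentname, salary)
        values (?, ?, ?, ?, ?);"""
    params = [(m.id, m.name, m.office, m.department, m.salary) for m in managers]
    conn.executemany(sql, params)
    return conn.execute(SELECT).fetchall()

def load_with_string_building(managers):
    """The alternative Paul warns against: values pasted into the SQL text."""
    conn = new_db()
    outcomes = []
    for m in managers:
        sql = ("insert into salesmanager values (%d, '%s', '%s', '%s', %d)"
               % tuple(m))
        try:
            conn.execute(sql)
            outcomes.append("ok")
        except sqlite3.Error:  # the apostrophe alone breaks the statement
            outcomes.append("error")
    return outcomes, conn.execute(SELECT).fetchall()

if __name__ == "__main__":
    print("params:", load_with_params(MANAGERS))
    print("string building:", load_with_string_building(MANAGERS))
```

With the params list every name is stored exactly as given; with string building the apostrophe row is lost to a syntax error and the third row is stored with an office, department and salary that came from the name field.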