On Feb 28, 8:58 am, Temoto <[EMAIL PROTECTED]> wrote:
> On 28 ÆÅ×, 15:42, Paul McGuire <[EMAIL PROTECTED]> wrote:
>
>
>
>
>
> > On Feb 28, 5:40 am, Temoto <[EMAIL PROTECTED]> wrote:
>
> > > Hello.
>
> > > There is a Django application, i need to place all its data into
> > > Access mdb file and send it to user.
> > > It seems to me that params filling for statement could be expressed in
> > > a more beautiful way.
> > > Since i'm very new to Python, i don't feel that, though.
>
> > > Could you tell your opinion on that snippet?
>
> > > <code>
> > > sql = """insert into salesmanager
> > > (employeeid, name, officelocation, departmentname, salary)
> > > values (?, ?, ?, ?, ?);"""
> > > params = []
> > > for manager in Manager.objects.all():
> > > params.append( (manager.id, manager.name, manager.office,
> > > manager.department, manager.salary) )
> > > curs.executemany(sql, params)
> > > </code>
>
> > Replace:
> > params = []
> > for manager in Manager.objects.all():
> > params.append( (manager.id, manager.name,
> > manager.office, manager.department,
> > manager.salary) )
>
> > With this list comprehension:
>
> > params = [ (mgr.id, mgr.name, mgr.office,
> > mgr.department, mgr.salary)
> > for mgr in Manager.objects.all() ]
>
> > But the technique you are using, of creating a params list instead of
> > doing explicit string construction, IS the safe SQL-injection-
> > resistant way to do this.
>
> > -- Paul
>
> Thanks a lot. I've been actually waiting for a list comprehension.- Hide
> quoted text -
>
> - Show quoted text -
In general, whenever you have:
someNewList = []
for smthg in someSequence:
if condition(smthg):
someNewList.append( elementDerivedFrom(smthg) )
replace it with:
someNewList = [ elementDerivedFrom(smthg)
for smthg in someSequence
if condition(smthg) ]
-- Paul
--
http://mail.python.org/mailman/listinfo/python-list
