In message <xns9bfa70e834f97duncanbo...@127.0.0.1>, Duncan Booth wrote:
> Lawrence D'Oliveiro <l...@geek-central.gen.new_zealand> wrote:
>
>> In message <gt3fv1$1ac...@news.ett.com.ua>, Paul Hemans wrote:
>>
>>> One problem though that I didn't mention in my original
>>> posting was that the replication may only require updating one or
>>> more fields, that is a problem with generating a single SQL
>>> statement to cover all requests.
>>
>> That's not a big issue. Assume the field names and corresponding
>> values are coming from a Python dict, eg
>>
>>     FieldValues = \
>>       {
>>         "field1" : ... value1 ...,
>>         "field2" : ... value2 ...,
>>       }
>>
>> then you can construct an SQL statement on the fly with something like
>>
>>     sqlcmd = \
>>         (
>>             "insert into my_table set "
>>         +
>>             ", ".join
>>               (
>>                 "%s = %s" % (k, SQLString(FieldValues[k]))
>>                 for k in FieldValues.keys()
>>               )
>>         )
>>
>> where SQLString is as defined at
>> <http://codecodex.com/wiki/index.php?title=Useful_MySQL_Routines#Quoting>.
>
> Not so nice if the input data is something like:
>
> FieldValues = { "field1=0);DROP my_table;": "" }
>
> So you want something to validate fieldnames.

That's not going to happen. These are field names, not values you're talking about.

> Also you are assuming that all the values are strings ...

No I'm not.

-- 
http://mail.python.org/mailman/listinfo/python-list
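
An added example, not part of the original message or of any code from the thread: building the statement from a dict while checking field names against a fixed allowlist and binding the values as parameters, so a key such as the one in the quoted reply is rejected before any SQL is assembled. It assumes Python's standard `sqlite3` module with `?` placeholders and ordinary `insert ... values` syntax instead of MySQL's `insert ... set`; `ALLOWED_COLUMNS`, `TABLE`, `build_insert` and `demo` are hypothetical names.

```python
import sqlite3

# Assumed schema for the example: the only columns callers may set.
ALLOWED_COLUMNS = frozenset({"field1", "field2"})
TABLE = "my_table"


def build_insert(field_values):
    """Return (sql, params) for an INSERT covering only the supplied fields.

    Column names are checked against a fixed allowlist because identifiers
    cannot be bound as parameters; values are always bound, never formatted in.
    """
    if not field_values:
        raise ValueError("no fields supplied")
    unknown = sorted(set(field_values) - ALLOWED_COLUMNS)
    if unknown:
        raise ValueError("unexpected field name(s): %r" % (unknown,))
    columns = sorted(field_values)  # stable order for the statement text
    sql = "insert into %s (%s) values (%s)" % (
        TABLE,
        ", ".join(columns),
        ", ".join("?" for _ in columns),
    )
    return sql, [field_values[c] for c in columns]


def demo():
    """Run the builder against an in-memory database with constructed input."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table my_table (field1, field2)")
    # Constructed values: a quote-bearing string and a non-string value.
    sql, params = build_insert({"field2": 42, "field1": "O'Reilly; --"})
    conn.execute(sql, params)
    try:
        # Constructed hostile key, taken from the reply quoted above.
        build_insert({"field1=0);DROP my_table;": ""})
        rejected = False
    except ValueError:
        rejected = True
    rows = conn.execute("select field1, field2 from my_table").fetchall()
    conn.close()
    return sql, rows, rejected


if __name__ == "__main__":
    print(demo())
```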