On Sat, Dec 26, 2009 at 4:52 PM, Carsten Haese <carsten.ha...@gmail.com>wrote:
> Victor Subervi wrote:
> > Right. Thank you again. I'd forgotten to put in
> > enctype="multipart/form-data". Now I have the following snipped:
> >
> > for pic in ourPics:
> > sql = 'update %s set pic%d=%s where ID="%s";' % (store, i,
> > (MySQLdb.Binary(pic),), id)
> > print sql
> > # cursor.execute(sql)
>
> This binds the name <<sql>> to a string containing an "update" statement...
>
> > Which prints to screen the following:
> >
> > insert into products (SKU, Category, Name, Title, Description, Price,
> > SortFactor, Availability, OutOfStock, ShipFlatFee, ShipPercentPrice,
> > ShipPercentWeight, Associations, TempPrice, LastDatePrice, Weight,
> > Metal, PercentMetal, pic0, pic1, sizes, colorsShadesNumbersShort)
> > values("prodSKU1", "prodCat1", "name1", "title1", "descr", "12.34",
> > "500", "1", "0", "10.00", "5", "2", "", "1", "2000-01-01", "2.5", "",
> > "20", "����� JFIF� �H�H����
>
> ...and that's an "insert" statement, so that's clearly not the output
> from the code you posted above.
>
Oops. The update and insert are the same with regard to the problem at hand,
but how were you to know? Sorry <:-}
>
> > and a bunch more binary data. This fails on insert. If I recall
> > correctly, I need to convert that binary data into something like (c,
> > array(... How do I do that? I'll include all code below in case it's
> > necessary.
>
> You have been told many, many times before, by myself and others, not to
> embed values directly into the query string. Use parameter binding to
> transmit the values to the database. I'm sure you'll find an old post of
> mine somewhere in the archives of this list in which I showed you how to
> do that.
>
Thank you. Now I remember. Thank you for your patience, Carsten. I don't
know why I'm so dense! At least I can laugh at myself :/
beno
--
http://mail.python.org/mailman/listinfo/python-list
