On 08/05/2013 19:52, Kevin Holleran wrote:
Hello,

I want to connect to a MySQL database, query for some records,
manipulate some data, and then update the database.

When I do something like this:

     db_c.execute("SELECT a, b FROM Users")

     for row in db_c.fetchall():
         (r,d) = row[0].split('|')
         (g,e) = domain.split('.')
         db_c.execute("UPDATE Users SET g = '"+ g + "' WHERE a ='"+ row[0])


Will using db_c to update the database mess up the loop that is cycling
through db_c.fetchall()?

You shouldn't be building an SQL string like that because it's
susceptible to SQL injection. You should be doing it more like this:

db_c.execute("UPDATE Users SET g = %s WHERE a = %s", (g, row[0]))

The values will then be handled safely for you.
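
The difference between the two styles of UPDATE discussed above, shown as an added example that is not part of the original thread. It assumes an in-memory sqlite3 database in place of MySQL (sqlite3 uses `?` placeholders where the MySQL driver uses `%s`), a reduced Users table, constructed sample rows, and the hypothetical helper names `make_db`, `update_all` and `g_values`.

```python
import sqlite3

# Constructed sample keys; the second one carries a quote that rewrites the
# WHERE clause when it is concatenated into the statement.
SAMPLE = [("alice|example.com",), ("bob|corp.net' OR '1'='1",), ("carol|site.org",)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (a TEXT, g TEXT)")
    conn.executemany("INSERT INTO Users (a) VALUES (?)", SAMPLE)
    return conn

def update_all(conn, parameterized):
    """Run the thread's loop; return the total number of rows modified."""
    cur = conn.cursor()
    cur.execute("SELECT a FROM Users ORDER BY rowid")
    touched = 0
    # fetchall() has already returned a plain list, so reusing the same
    # cursor for the UPDATE does not disturb the iteration.
    for (a,) in cur.fetchall():
        r, d = a.split("|")
        g, e = d.split(".", 1)
        if parameterized:
            # Values travel separately from the SQL text.
            cur.execute("UPDATE Users SET g = ? WHERE a = ?", (g, a))
        else:
            # Concatenation: the stored value becomes part of the SQL text.
            cur.execute("UPDATE Users SET g = '" + g + "' WHERE a = '" + a + "'")
        touched += cur.rowcount
    return touched

def g_values(conn):
    return dict(conn.execute("SELECT a, g FROM Users"))

if __name__ == "__main__":
    for mode in (False, True):
        conn = make_db()
        print("parameterized" if mode else "concatenated",
              update_all(conn, mode), g_values(conn))
```

In the concatenated run the second key turns its UPDATE into one that matches every row, so a row updated earlier is overwritten; in the parameterized run each statement modifies exactly one row.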