On Mon, Oct 19, 2015 at 3:10 AM, andybrookestar--- via Python-list <python-list@python.org> wrote:
> I acknowledge the security points & also by the way I omitted using any Try
> Catch statements, because at this stage coming from PHP I was more focused
> on getting a select statement to actually work in python.

That's fine when you're just playing around, starting to get to know the basics. But I hope you'll shift your thinking before deploying anything to production. The PHP model is, as you describe, "do your best to keep going, regardless of what's going wrong". It results in web pages that spew warnings everywhere (possibly revealing internal details of the code's layout, empowering future attacks), tell the user their changes have been saved despite getting an error back from the database, and so on. The Python philosophy is that a correctly-working program is best, next best is one that crashes out with a clean exception, and the very worst is one that barges on and does the wrong thing. I would MUCH rather have my web app throw me back a little 500 (and, by the way, it'll show the end user a simple 500 page, and log the details of the exception for admin eyes only) so it's _obvious_ that the data wasn't saved, or the email wasn't sent, or whatever.

Unlike PHP, Python has a simple and trustworthy [1] error handling system. Everything is signalled with a thrown exception; if you know about the error and can handle it, you catch that exception and deal with it. Otherwise, ignore the exception, and someone else will deal with it. You don't have to religiously check return values and remember to handle all those errors that never come up in local testing (like DNS failures and timeouts), not to mention those more obscure errors that you wouldn't even think of (like "disk full" or "out of memory"). Whatever happens, it's an exception. Write your code in this style, and you don't have to worry about the details.

ChrisA

[1] In PHP, sometimes errors become exceptions, sometimes they become messages printed to the output file, sometimes they get logged, sometimes completely suppressed... and all based on a very complicated set of rules.
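The behaviour described in the message above (a failed database write surfaces as a plain 500 for the user while the traceback goes only to the log), as an added example that is not part of the original post. The names `fail_closed`, `save_comment`, the `app.errors` logger, the `comments` table and the `X-Author` header are hypothetical, and the request is constructed.

```python
import io
import logging
import sqlite3
import sys
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("app.errors")  # admin-only log; hypothetical name

def save_comment(db, author, body):
    # No try/except: a failed INSERT raises, so the caller never reaches "saved".
    with db:  # commits on success, rolls back on exception
        db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))

def make_app(db):
    def app(environ, start_response):
        save_comment(db, environ.get("HTTP_X_AUTHOR"), "hello")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"Your changes have been saved.\n"]
    return app

def fail_closed(app):
    """WSGI middleware: generic 500 to the user, full traceback to the log."""
    def wrapper(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            log.exception("unhandled error on %s", environ.get("PATH_INFO"))
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain")], sys.exc_info())
            return [b"Internal Server Error\n"]
    return wrapper

def demo(author):
    """Run one constructed request; return (status, body, log text, rows saved)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT NOT NULL, body TEXT NOT NULL)")
    captured = io.StringIO()
    handler = logging.StreamHandler(captured)
    log.addHandler(handler)
    environ = {"HTTP_X_AUTHOR": author} if author else {}
    setup_testing_defaults(environ)  # fills in the rest of a minimal WSGI environ
    status = []
    chunks = fail_closed(make_app(db))(
        environ, lambda s, headers, exc_info=None: status.append(s))
    log.removeHandler(handler)
    rows = db.execute("SELECT COUNT(*) FROM comments").fetchone()[0]
    return status[0], b"".join(chunks), captured.getvalue(), rows

if __name__ == "__main__":
    print(demo(None)[:2], demo("andy")[:2])
```

The wrapper only catches exceptions raised while the app callable runs; an app that returns a lazy iterator can still fail during iteration, which the WSGI server has to handle.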