Re: [newbie] problem trying out simple non object oriented use of Tkinter

2013-12-06 Thread Daniel Watkins 
Hi Jean,

On Fri, Dec 06, 2013 at 04:24:59AM -0800, Jean Dubois wrote:
> I'm trying out Tkinter with the (non object oriented) code fragment below:
> It works partially as I expected, but I thought that pressing "1" would
> cause the program to quit, however I get this message:
> TypeError: quit() takes no arguments (1 given), I tried changing quit to 
> quit()
> but that makes things even worse. So my question: can anyone here help me
> debug this?

I don't know the details of the Tkinter library, but you could find out
what quit is being passed by modifying it to take a single parameter and
printing it out (or using pdb):

def quit(param):
print(param)
sys.exit()

Having taken a quick look at the documentation, it looks like event
handlers (like your quit function) are passed the event that triggered
them.  So you can probably just ignore the parameter:

def quit(_):
sys.exit()


Cheers,

Dan
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')'

2013-12-09 Thread Daniel Watkins 
On Mon, Dec 09, 2013 at 12:41:57AM -0800, Jai wrote:
> sql = """insert into `category` (url, catagory,price) VAlUES ('%s', 
> '%s', '%s')"""%(link1,x,y)
> sql = unicodedata.normalize('NFKD', sql).encode('ascii','ignore')
> cursor.execute(sql)
> 
> ProgrammingError: (1064, "You have an error in your SQL syntax; check the 
> manual that corresponds to your MySQL server version for the right syntax to 
> use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1")

Though you haven't given the full traceback, I suspect that the lines
above are what is causing your problem.  My best guess is that you're
being hit by a form of SQL injection[0], in that the values you are
combining in to your query have single quotes which are resulting in an
SQL statement that looks like:

insert into `category` (url, category, price) VALUES ('...', 'MEN'S SIZE 
11.5 NEW IN BOX', '$49.99');

As you can see, the second value you are passing has mismatched quotes.
This is a common problem, so the MySQLdb library handles it by allowing
you to pass in the values you want to cursor.execute; it then takes care
of escaping them correctly:

sql = """insert into `category` (url, catagory,price) VAlUES ('%s', '%s', 
'%s')"""
cursor.execute(sql, (link1, x, y))

I'm not 100% sure what the Unicode normalisation is meant to be doing,
so you'll have to work out how to integrate that yourself.


Cheers,

Dan


[0] https://en.wikipedia.org/wiki/SQL_injection
-- 
https://mail.python.org/mailman/listinfo/python-list