Re: SQL and CSV

In message , andrew cooke wrote: > even if you're not open to injection attacks, you're still less likely to > get escaping correct than a puprose written, widely used library. Escaping isn't really that hard to do. For example, the rules for MySQL literals are clearly spelled out here

Re: SQL and CSV

In message , andrew cooke wrote: > Lawrence D'Oliveiro wrote: >> In message , Peter Otten wrote: >> >>> While it may not matter here using placeholders instead of manually >>> escaping user-provided values is a good habit to get into. >> >> Until you hit things it can't deal with. > > Can you ex

Re: SQL and CSV

even if you're not open to injection attacks, you're still less likely to get escaping correct than a puprose written, widely used library. my request for more information was directed to lawrence, who said "until you hit things it can't deal with" which seemed to be some kind of cryptic argument

Re: SQL and CSV

On May 8, 1:49 pm, "andrew cooke" wrote: > Lawrence D'Oliveiro wrote: > > In message , Peter Otten wrote: > > >> While it may not matter here using placeholders instead of manually > >> escaping user-provided values is a good habit to get into. > > > Until you hit things it can't deal with. > > Th

Re: SQL and CSV

Lawrence D'Oliveiro wrote: > In message , Peter Otten wrote: > >> While it may not matter here using placeholders instead of manually >> escaping user-provided values is a good habit to get into. > > Until you hit things it can't deal with. The post you are replying to was talking about using the

Re: SQL and CSV

In message , Peter Otten wrote: > While it may not matter here using placeholders instead of manually > escaping user-provided values is a good habit to get into. Until you hit things it can't deal with. -- http://mail.python.org/mailman/listinfo/python-list

Re: SQL and CSV

Nick wrote: > self.cursor = self.connection.cursor() > first = True > for row in reader: > if first: > headers = [] > for r in row: > n = r.strip().replace (' ', '_').replace ('-','_') > hea

Re: SQL and CSV

On May 8, 1:45 am, Nick wrote: > On May 5, 8:27 pm, Tim Golden wrote: > > > > > Nick wrote: > > > Part of the problem is that the 'selection' needs to be in a config > > > file. I can put the if row['status'] != 'Cancelled': return True into > > > a config, read it and eval it, but its not quite

Re: SQL and CSV

On May 5, 8:27 pm, Tim Golden wrote: > Nick wrote: > > Part of the problem is that the 'selection' needs to be in a config > > file. I can put the if row['status'] != 'Cancelled': return True into > > a config, read it and eval it, but its not quite as clean as ansql > > route. > > Still not clear

Re: SQL and CSV

Nick wrote: Part of the problem is that the 'selection' needs to be in a config file. I can put the if row['status'] != 'Cancelled': return True into a config, read it and eval it, but its not quite as clean as an sql route. Still not clear what the restriction is. If you were writing SQL you'

Re: SQL and CSV

On May 5, 9:25 am, Nick wrote: > On May 5, 5:19 pm, Tim Golden wrote: > > > > > Nick wrote: > > > I have a requirement to read a CSV file. Normally, no problem, just > > > import CSV and slurp the file up. > > > > However, in this case I want to filter out lines that have fields set > > > to part

Re: SQL and CSV

On May 5, 5:19 pm, Tim Golden wrote: > Nick wrote: > > I have a requirement to read a CSV file. Normally, no problem, just > > import CSV and slurp the file up. > > > However, in this case I want to filter out lines that have fields set > > to particular values. > > > It would be neat to be able t

Re: SQL and CSV

Nick wrote: I have a requirement to read a CSV file. Normally, no problem, just import CSV and slurp the file up. However, in this case I want to filter out lines that have fields set to particular values. It would be neat to be able to do something like this. select * from test.csv where stat