Yes, Steve you have a very good point.
Gregarcian, I am using the parameterized SQL to avoid such
vulunerability.
for example in your example use
name = "%'WAITFOR DELAY '00:00:03'--%"
and directly substitute it to the statement
"select * from table_name where name like '%s' " % (name)
The server w
Yes, the statement you tried is a valid statement
also
>>> name = "%'WAITFOR DELAY '00:00:03'--%"
>>> "SELECT * FROM tb_name WHERE firstname LIKE '%s'" % name
is also valid.
My question is how to use the LIKE statements using ADO.in python
:-|
--
http://mail.python.org/mailman/listinfo/python-lis
Hi Gregarican,
I am the original poster and yes this is a production code level
problem.
Do u have inputs for a solution?
/Raja Raman
--
http://mail.python.org/mailman/listinfo/python-list
Hello Steve, Roger and Pete,
Nice to read your reply. Well, I can do an assert check for
integers and then filter out hazardous SQL injection characters for
varchars and do a direct substitution of the filtered values with the
SQL statement.
But by using ADO, input strings can be treated as wh
This does not seem to work well Roger
>>> value = '%raj%'
>>> cmd.CommandText = "select * from table_name where firstname LIKE ?"
result is 0 where I expected 4
/Raja Raman
--
http://mail.python.org/mailman/listinfo/python-list
Yes, reportlad is a good tool for creating pdf and images
--
http://mail.python.org/mailman/listinfo/python-list
Ok guys! The problem seems to be much easier to be solved than first
thought. -->Shoot<--
Using the correct CreateParameter statement seems to do the trick.
For example creating the parameter as
cmd.CreateParameter(name,const.adVarChar, const.adParamInput, Size=16,
Value=value[i])
Hi Gregarican,
Thanks for sharing your code. One needs to add the % signs if one
wants to do wildcard searches using LIKE in the SQL server.
Do as Roger and Steve suggested '%raj%', now you can find the names
containing the word raj anywhere in the column.
just value = 'raj' is only going to fe
Hello guys,
I have data stored in the database which has special characters
like <, > etc.
Case 1: Whenever I wanted to present the output to a browser
I need to escape these special characters into the browser
equivalent like < > etc.( for example by using the cgi module)
Case 2: Whenev
Correction: I meant __builtin__.getattr method and not the other one I
mentioned.
:-)
Thanks
Raja
Raja Raman Sundararajan skrev:
> Hello guys,
> I have data stored in the database which has special characters
> like <, > etc.
> Case 1: Whenever I wanted to present the o
Hello Gabriel Genellina and Diez B. Roggisch,
Thanks for sharing your opinions. I agree with Gabriel when he
talks about the separation between the presentation and the DB level
access and the drawbacks of introducing character manipulation. The
problem that I am facing right now is that the p
try this. maybe this is what you want?
reg = re.compile('Name:.*\\n', re.IGNORECASE)
--
http://mail.python.org/mailman/listinfo/python-list
Oh! yes you can use re for that.
You just need to change the pattern a bit
I did not understand where the "title" will be so I have ignored it,
but I got something below which will be helpful for you
>>> value = """name:asasasasas\nrequest: play\ntitle"""
>>> reg = re.compile('Name:.*\\nrequest:.
Hello guys,
I was investigating how one can use the "text indexers" in python
and I stumbled across several ones. eg., pylucene
I wanted to know how the algorithm of indexers look like. I have heard
people talking about B-Trees. But this info. is simply know enough. I
would like to know exactl
Hello guys,
Is there any nice library to generate word documents using Python.
As of today I am generating a HTML document and then open it with MS
Word.
But the problem is that I am not able to control the pages in the
document and as a result of it the output looks terrible.
I have been usi
Hi Tim,
Thanks for your PyRTF suggestion. I am checking it out now
:-)
/R
--
http://mail.python.org/mailman/listinfo/python-list
Hi guys,
Thanks for your note Grant.
I had a look at the pyRTF and it seems to be quite impressive :-)
I actually works for my needs except the below, concerning cells in a
table
For cells in a table, pyRTF does not support
1. ALIGN_RIGHT
2. Cell background
Do you guys have any idea of how to
Hello,
I have been playing around with pyRTF module for generating rtf
documents.
Its a very nice tool that fits my basic needs. However I have a problem
controlling cells in
a table.
I am not able to
1. do an align right of contents inside a cell
2. set backgroundcolor of a cell
3. I wonder i
Yeah, thats a good approach.
I have been fiddling around to implement that feature in elements.py
and RTF specification from msdn
However, I have not been successful thus far.
To answer my first question:
> 1. do an align right of contents inside a cell
Its not possible by speficying alignment in
Hi Michel,
Well, Office 12 will have very many features. Thats true.
But my document needs to work in all versions of Office.
I hope that pyRtf generated file is fully rtf compatible. :-)
But so far I think it is quite okay.
To answer my first question:
> 1. do an align right of contents inside
Hi paron,
I am using PyRTF as of now and it seems to fit my need quite well
and it works like a charm :-).
I have made a wrapper around it so that it will easier for me to switch
the backend for generating the word/RTF docs later.
May be, it will be openoffice :-)
I appreciate your input. Thank
21 matches
Mail list logo
