Re: Quoting quotes

t; File "", line 1 > print """The play "All's Well That Ends Well"""" >^ > SyntaxError: EOL while scanning single-quoted string Use triple simple single quotes: >>> print '''"All's Well That Ends Well"''' "All's Well That Ends Well" -- Victor Stinner http://www.haypocalc.com/ -- http://mail.python.org/mailman/listinfo/python-list

Re: Challenge: escape from the pysandbox

will be in the future? I don't know this project. Do you have the URL of the project home page? Is it the "safelite.py" project? -- Victor Stinner http://www.haypocalc.com/ -- http://mail.python.org/mailman/listinfo/python-list

Re: Challenge: escape from the pysandbox

projects are very close: most protections are based on blacklists, whereas RestrictedPython is only based on whitelists. -- Victor Stinner http://www.haypocalc.com/ -- http://mail.python.org/mailman/listinfo/python-list

Permission Problem

Hi; I encountered and solved this problem before with the help of the list, but it's back, and I've reviewed and done everything I was shown to do last time, so I'm lost. Here's the script: #!/usr/bin/python import cgitb; cgitb.enable() import cgi import sys,os sys.path.append(os.getcwd()) from l

Re: Permission Problem

Never mind. I figured out my error. beno On Mon, Mar 1, 2010 at 10:02 AM, Victor Subervi wrote: > Hi; > I encountered and solved this problem before with the help of the list, but > it's back, and I've reviewed and done everything I was shown to do last > time, so I

Email Script

Hi; I have the following code: def my_mail(): user, passwd, db, host = login() database = MySQLdb.connect(host, user, passwd, db) cursor= database.cursor() ourEmail1 = 'mari...@globalsolutionsgroup.vi' ourEmail1 = 'p...@globalsolutionsgroup.vi' ourEmail2 = 'benoismyn...@gmail.com' fo

Re: Email Script

On Tue, Mar 2, 2010 at 11:48 AM, Victor Subervi wrote: > Hi; > I have the following code: > > def my_mail(): > user, passwd, db, host = login() > database = MySQLdb.connect(host, user, passwd, db) > cursor= database.cursor() > ourEmail1 = 'mari...@globalsol

Re: Email Script

On Tue, Mar 2, 2010 at 11:53 AM, Victor Subervi wrote: > On Tue, Mar 2, 2010 at 11:48 AM, Victor Subervi > wrote: > >> Hi; >> I have the following code: >> >> def my_mail(): >> user, passwd, db, host = login() >> database = MySQLdb.connect(host, u

Re: Email Script

On Tue, Mar 2, 2010 at 12:56 PM, Victor Subervi wrote: > On Tue, Mar 2, 2010 at 11:53 AM, Victor Subervi > wrote: > >> On Tue, Mar 2, 2010 at 11:48 AM, Victor Subervi >> wrote: >> >>> Hi; >>> I have the following code: >>> >>> def m

Re: Challenge: escape from the pysandbox

otect all access to OS resources (but I try to do that :-)). pysandbox is a possible solution to the second problem: control Python object space. -- Victor Stinner http://www.haypocalc.com/ -- http://mail.python.org/mailman/listinfo/python-list

Re: Challenge: escape from the pysandbox

Le dimanche 28 février 2010 17:43:07, Victor Stinner a écrit : > Yes, Google AppEngine has its Python sandbox and the source code is > available online. I don't know the license. I found 7 vulnerabilities in 1 > hour :-) I contacted Google security team. (...) There are other >

scipy sparse matrix question

I can't find any detailed information about scipy.sparse. My specific question: what does "for x in A" give me when A is a sparse matrix? It seems to yield all nonzero locations, but in what kind of form? Very specifically: how do I get the (i,j) coordinates and the value

Re: scipy sparse matrix question

Terry Reedy wrote: > > My specific question: what does "for x in A" give me when A is a sparse > > matrix? > > Try it and see what you get. Ah, how do I see what I get? If I print it it looks plausible, but I don't know how to pull it apart. It doesn't see

Interacting With Another Script

Hi; There's a program (vpopmail) that has commands which, when called, request input ("email address", "password", etc.) from the command line. I would like to build a TTW interface for my clients to use that interacts with these commands. It's easy enough for me to get the information from a scrip

Re: Interacting With Another Script

On Wed, Mar 10, 2010 at 10:16 PM, alex23 wrote: > Victor Subervi wrote: > > > There's a program (vpopmail) that has commands which, when called, > request > > > input ("email address", "password", etc.) from the command line. I > would >

Help Troubleshooting

Hi; I'm running Pexpect (no discussion list) with the following code: #! /usr/bin/python import pexpect def runVpopmail(whatdo, acct, domain, newpw, oldpw=''): if whatdo == 'vadduser': child = pexpect.spawn('/home/vpopmail/bin/%s %...@%s %s' % (whatdo, acct, domain, newpw)) elif whatdo ==

sort array, apply rearrangement to second

this needs to be done as efficiently as possible. I could use a hand. Victor. -- Victor Eijkhout -- eijkhout at tacc utexas edu -- http://mail.python.org/mailman/listinfo/python-list

Re: sort array, apply rearrangement to second

Robert Kern wrote: > second[first.argsort()] Really cool. Thanks. > Ask numpy questions on the numpy mailing list. I will. I thought that this question would have an answer in a generic python idiom. Victor. -- Victor Eijkhout -- eijkhout at tacc utexas edu -- http://mail.pyth

Printing from Web Page

Hi; I need to be able to print something from a Web page: not the entire page but what I specify. I am writing the page and the client is surfing to it. How do I do this? TIA, beno -- http://mail.python.org/mailman/listinfo/python-list

Re: Printing from Web Page

On Sun, Nov 21, 2010 at 5:35 AM, FELD Boris wrote: > I think the best way to do this is using css with specific media type. > Take a look at : http://martybugs.net/articles/print.cgi > Oh, man, this is perfect! Thanks! beno -- http://mail.python.org/mailman/listinfo/python-list

Re: MATLAB to Python?

MATLABdude wrote: > Also the > values themselves are not identical compared to the values of the > MATLAB program. In numerical analysis there is no such thing as identical. If they differ by 1.e-10 I'd call it close enough. The difference comes from differing numerical me

Generator question

ppreciated. Victor. -- Victor Eijkhout -- eijkhout at tacc utexas edu -- http://mail.python.org/mailman/listinfo/python-list

Re: Generator question

Dan Stromberg wrote: > You likely want a class variable: Sounds like an elegant solution. Thanks! Victor. -- Victor Eijkhout -- eijkhout at tacc utexas edu -- http://mail.python.org/mailman/listinfo/python-list

Problem w/ MySQLdb

Hi; I have a function that calls the following class: #!/usr/bin/python import sys,os sys.path.append(os.getcwd()) import MySQLdb from login import login import re, string def buildTableColorShortOptions(): user, passwd, db, host = login() database = MySQLdb.connect(host, user, passwd, db)

Re: Problem w/ MySQLdb

It's been too long since I've worked on this. Yep, I forgot to commit. Thanks, Beno On Tue, Feb 15, 2011 at 5:21 PM, Jerry Hill wrote: > On Tue, Feb 15, 2011 at 3:24 PM, Victor Subervi > wrote: > > It builds the table but fails from the first insertion. Trying to inse

OT: Need Interactivity With the Browser

Hi; I would like to build a component where the user can go to a page, say he'd like to upload so many ("x") number of photos, click a button and without leaving the page have three sets of upload widgets pop up. I think this is done with Json; however, I can't find much info or tutorials on the sa

Another MySQLdb Q

Hi; I have this code: db = MySQLdb.connect(host, user, passwd, db) cursor= db.cursor() cursor.execute(sql, id) db.commit() It throws no errors and gives every indication that it executes the command. I've printed out the command and the id and executed it successfully in mysql...but not in

Tempering Client Expectations (OT)

Hi; I'm working with my first client where I've developed a custom script. I way underbid the project and I ate that as part of my learning experience. We outlined as precisely as I knew how what functionality was needed. Then he went to input data and lo and behold he needed more functionality. I

Refresh Problem

Hi; I send variables to a script. The script adds appropriate lines into a database of an order to my shopping cart. When I refresh the screen, as no doubt some customers will do, it re-ads those orders. Now, I can delete them, but that's not the point. I don't want it to re-ad the orders. How do I

Re: Tempering Client Expectations (OT)

On Sat, Apr 10, 2010 at 3:14 PM, Tim Chase wrote: > 1) Preeminently, address second-order ignorance. Tim, throughout this post, you're way out of line. The s/w I have already built for this client works just fine. It's not a matter or not having the tools or not knowing how to use them. Pay atte

Re: Refresh Problem

On Sun, Apr 11, 2010 at 4:29 PM, Tim Chase wrote: > On 04/11/2010 02:53 PM, MRAB wrote: > >> Victor Subervi wrote: >> >>> Hi; >>> I send variables to a script. The script adds appropriate lines into a >>> database of an order to my shopping cart. Wh

Re: Refresh Problem

On Mon, Apr 12, 2010 at 9:03 AM, Victor Subervi wrote: > On Sun, Apr 11, 2010 at 4:29 PM, Tim Chase > wrote: > >> On 04/11/2010 02:53 PM, MRAB wrote: >> >>> Victor Subervi wrote: >>> >>>> Hi; >>>> I send variables to a script. The sc

Re: Tempering Client Expectations (OT)

On Mon, Apr 12, 2010 at 10:29 AM, Tim Chase wrote: > your own inaccurate assumptions and answer those, please. >> > > > Heh, my wife and I joke that in those "can this marriage be saved" > newspaper columns, every answer boils down to "communication is key". Keep > the customer tightly in the loo

long int computations

I have two long ints, both too long to convert to float, but their ratio is something reasonable. How can I compute that? The obvious "(1.*x)/y" does not work. Victor. -- Victor Eijkhout -- eijkhout at tacc utexas edu -- http://mail.python.org/mailman/listinfo/python-list

Re: long int computations

Jerry Hill wrote: > >>> from __future__ import division > >>> long1/long2 > 0.5 Beautiful. Thanks so much guys. Victor. -- Victor Eijkhout -- eijkhout at tacc utexas edu -- http://mail.python.org/mailman/listinfo/python-list

Re: long int computations

Mensanator wrote: > You could try using the gmpy module. It supports arbitrary precision > floats, so converting long to float is no problem. I fear I may actually have to go symbolic. I'm now having to use the 12th root of 2, and I would like the twelfth power of that to be exactly

Strange MySQL Problem

Hi; I have this code: #!/usr/bin/python import cgitb; cgitb.enable() import cgi import sys,os sys.path.append(os.getcwd()) import MySQLdb from login import login def create_edit_passengers4(): print "Content-Type: text/html" print print ''' http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.d

Re: Strange MySQL Problem

On Thu, May 20, 2010 at 12:56 PM, MRAB wrote: > > When performing SQL operations, don't insert the values using Python's > string formatting, because that makes it vulnerable to SQL-injection > attacks, ie don't do this: > >cursor.execute(sql_command % values) > > do this: > >cursor.execu

Another Strange MySQL Problem

Hi; When I try to execute this code from my Python script, I get this error: Traceback (most recent call last): File "/var/www/html/creative.vi/clients/sea-flight/reservations/create_edit_bags3.py", line 38, in ? create_edit_bags3() File "/var/www/html/creative.vi/clients/sea-flight/res

Re: Another Strange MySQL Problem

On Fri, May 21, 2010 at 2:40 PM, Tim Chase wrote: > On 05/21/2010 12:31 PM, Victor Subervi wrote: > >> cursor.execute('insert into Baggage values (Null, %s, %s, %s, >> %s)', (flight_id, customer_id, weight, ticket_no)) >> > > You're trying to i

Just To Be Sure...MySQL

Hi; A lister recently responded to my post concerning mysl commands of the following type: cursor.execute('insert into foo values (%s, %s)' % (bar, something)) stating that I need to eliminate the "%" to prevent injection attacks, thus: cursor.execute('insert into foo values (%s, %s)', (bar, som

A Quick MySQL Question

Hi; I have the following: #sql = 'alter table %s alter column %s set default "%%s";' % (store, col) #cursor.execute(sql, colValue) cursor.execute('alter table %s alter column %s set default "%s";' % (store, col, colValue)) database.commit() Now I don't like that th

Re: A Quick MySQL Question

On Tue, May 25, 2010 at 3:50 AM, Dennis Lee Bieber wrote: > On Mon, 24 May 2010 13:37:58 -0400, Victor Subervi > declaimed the following in >Parameterized queries process the parameters to ensure that they are > safe for use in the SQL statement. > >In the c

Another Little MySQL Problem

Hi; I have this code: clientCursor.execute('select ID from %s' % (personalDataTable)) upds = [itm[0] for itm in clientCursor] print "" % upds The problem is that the values passed are 1L, 2L When I retrieve them on the other end and try to convert them to integers, guess what happ

Re: A Quick MySQL Question

On Wed, May 26, 2010 at 2:42 AM, Dennis Lee Bieber wrote: > I was, for that example, assuming that the user input "values" was > being used in a select query and hence wrapped it with wildcard markers > so that the phrase would match anywhere in the data field. > In said thread you wrote the foll

Re: Another Little MySQL Problem

On Wed, May 26, 2010 at 11:25 AM, Kushal Kumaran wrote: > On Tue, 2010-05-25 at 14:45 -0400, Victor Subervi wrote: > > Hi; > > I have this code: > > > > clientCursor.execute('select ID from %s' % (personalDataTable)) > > upds = [itm[0] for i

Yet Another MySQL Problem

Hi; I have this code: sql = "insert into %s (%s) values ('%%s');" % (personalDataTable, string.join(cols[1:], ', ')) #cursor.execute(sql, string.join(vals[1:], "', '")) cursor.execute('insert into %s (%s) values ("%s");' % (personalDataTable, string.join(cols[1:], ', '), string.join(va

Re: Yet Another MySQL Problem

On Thu, May 27, 2010 at 8:34 AM, Victor Subervi wrote: > Hi; > I have this code: > > sql = "insert into %s (%s) values ('%%s');" % (personalDataTable, > string.join(cols[1:], ', ')) > #cursor.execute(sql, string.join(vals[1:], "',

Re: Yet Another MySQL Problem

On Thu, May 27, 2010 at 10:17 AM, Kushal Kumaran wrote: > On Thu, 2010-05-27 at 08:34 -0400, Victor Subervi wrote: > > Hi; > > I have this code: > > > > sql = "insert into %s (%s) values ('%%s');" % (personalDataTable, > > string.join(cols

Re: Yet Another MySQL Problem

On Thu, May 27, 2010 at 12:11 PM, Kushal Kumaran wrote: > Since I'm in a good mood today, here's a little present: > > def insert(cursor, table, columns, values): >"""Insert a row into a table. columns must be a list of column >names. values must be a list of values for the new row. The

Re: A Quick MySQL Question

On Thu, May 27, 2010 at 1:37 PM, Dennis Lee Bieber wrote: > On Wed, 26 May 2010 08:29:21 -0400, Victor Subervi > declaimed the following in > gmane.comp.python.general: > > > valueList = ("%value1", "%value2", "%value3") > >If I&#x

Re: Yet Another MySQL Problem

On Thu, May 27, 2010 at 12:56 PM, MRAB wrote: > Kushal Kumaran wrote: > [snip] > > Since I'm in a good mood today, here's a little present: >> >> def insert(cursor, table, columns, values): >>"""Insert a row into a table. columns must be a list of column >>names. values must be a list

Some More MySQL

Hi; But what about this? sql = "select pic%d from %s where ID='%%s';" % (pic, store) cursor.execute(sql % id) If I try and rewrite the last line like this: cursor.execute(sql, id) it doesn't work. What do? How about this one: cursor.execute("insert into categories (Store, Catego

Re: Some More MySQL

On Thu, May 27, 2010 at 2:54 PM, MRAB wrote: > Victor Subervi wrote: > >> Hi; >> But what about this? >> >> sql = "select pic%d from %s where ID='%%s';" % (pic, store) >> cursor.execute(sql % id) >> >> If I try and rewr

Re: Yet Another MySQL Problem

On Thu, May 27, 2010 at 1:15 PM, Tim Chase wrote: > On 05/27/2010 11:56 AM, MRAB wrote: > >> Kushal Kumaran wrote: >> >>>', '.join('%s' * len(values))) >>> >> >> That should be: >> >> ', '.join(['%s'] * len(values))) >> > > Or as I've done in the past: > > ', '.join('%s' for _ in

Re: Yet Another MySQL Problem

On Thu, May 27, 2010 at 5:47 PM, Tim Chase wrote: > On 05/27/2010 03:32 PM, Victor Subervi wrote: > > On Thu, May 27, 2010 at 1:15 PM, Tim Chase wrote: >> >>> That should be: >>>> >>>> ', '.join(['%s'] * len(values))) &

Re: Some More MySQL

On Fri, May 28, 2010 at 2:17 AM, Dennis Lee Bieber wrote: > On Thu, 27 May 2010 23:22:24 +0100, MRAB > declaimed the following in gmane.comp.python.general: > > > > > Placeholders which are handled by .execute shouldn't be wrapped in > > quotes, even is the value is a string, because .execute wil

Re: Some More MySQL

I still have this code: sql = 'select * from options%s where ID=%%s', (opTable[0].upper() + opTable[1:]) cursor.execute(sql, (id,)) which throws this error: /var/www/html/angrynates.com/cart/enterOptionsPrices2.py 70 print 'All options prices have been successfully updated.'

Opinion On Best Way...

Hi; I have a script in which I currently pass a number of variables to another script through the url in a meta http-equiv tag. This seems both awkward and hackable. I think it would be best to create a temporary mysql table, insert them there, and pull them from the following script. The situation

Another MySQL Question

Hi; I have this code: options = '' our_options = [] our_options_string = '' for op in ops: options += '%s varchar(40) not null, ' % (op[0].upper() + op[1:]) our_options.append('%s' % form.getfirst('%s' % op)) our_options_string += '%s", "' % op cursor.execute(

Re: Another MySQL Question

On Thu, Jun 3, 2010 at 12:25 PM, MRAB wrote: > So our_options is a list containing two values, which you're putting > into a tuple: > > >>> our_options = ["first", "second"] > >>> print len(our_options) > 2 > >>> value_tuple = (our_options,) > >>> print len(value_tuple) > 1 > >>> > > In other wo

Re: Another MySQL Question

On Thu, Jun 3, 2010 at 1:48 PM, Dennis Lee Bieber wrote: > On Thu, 3 Jun 2010 08:49:44 -0400, Victor Subervi > declaimed the following in > gmane.comp.python.general: > > > options += '%s varchar(40) not null, ' % (op[0].upper() + op[1:]) > > Ple

Re: Another MySQL Question

On Thu, Jun 3, 2010 at 4:09 PM, John Nagle wrote: > The real problem with this is not the Python. It's the approach > to SQL. What's going on here is that you have some collection of > named options that come in from some external source, and you're > trying to handle that by dynamically cons

Where's the List?

Hi; I have this: for order in order_details: store = order[0] prodid = order[1] pkg = order[2] quantity = order[3] if 'PatientID' in order_fields: patientID = order[4] try: option_values = order[5:] except TypeError: opt

Re: Where's the List?

On Sat, Jun 5, 2010 at 4:52 PM, Stephen Hansen wrote: > > cur.execute(sql, [pkg, prodid, tmpTable, quantity] + > list(option_values)) > > Or: > >cur.execute(sql, (pkg, prodid, tmpTable, quantity) + option_values) > > I removed the explicit conversion-to-tuple in the first, because... you >

Drop Table w/ MySQLdb?

Hi; I tried this: cursor.execute('drop table tmp%s', tmpTable) and got this error: Traceback (most recent call last): File "/var/www/html/angrynates.com/cart/cart.py", line 196, in ? cart() File "/var/www/html/angrynates.com/cart/cart.py", line 189, in cart cursor.execute('drop t

Re: Drop Table w/ MySQLdb?

On Sun, Jun 6, 2010 at 11:40 AM, MRAB wrote: > As has been explained already, SQL might not (and here it clearly does > not) let you use placeholders for table or column names, only for > values. > Oops. Sorry. Thanks. beno -- http://mail.python.org/mailman/listinfo/python-list

capitalize() NOT the same as var[0].upper _ var[1:]

Sorry, Dennis: var = 'colorsShort' var[0].upper + var[1:] = 'ColorsShort' var.capitalize() = 'Colorsshort' beno -- http://mail.python.org/mailman/listinfo/python-list

Deformed Form

Hi; I have a script that calls values from the form that calls it. This script imports another script: from New_Passenger import New_Passenger def create_edit_passengers3(): ... new_passengers_curr_customers = New_Passengers_Curr_Customers(customers, flights) if new_passengers_curr_customer

Re: Deformed Form

On Thu, Jun 10, 2010 at 10:30 AM, Stephen Hansen (L/P) wrote: > On 6/10/10 7:14 AM, Victor Subervi wrote: > > Hi; > > I have a script that calls values from the form that calls it. This > script > > imports another script: > > > > from New_Passen

Re: Deformed Form

No, I think you've misunderstood because while I thought I was being clear I probably was not. So here is the complete code of create_edit_passengers3.py: #!/usr/bin/python import cgitb; cgitb.enable() import cgi import sys,os sys.path.append(os.getcwd()) import MySQLdb from login import login im

Re: Deformed Form

On Thu, Jun 10, 2010 at 2:07 PM, Stephen Hansen wrote: > On 6/10/10 10:48 AM, Victor Subervi wrote: > > Now, create_edit_passengers3() is called by the form/submit button in > (you > > guessed it) create_edit_passengers2.py, the latter containing a var in it > > which *

Re: Deformed Form

On Fri, Jun 11, 2010 at 12:24 PM, Stephen Hansen wrote: > Sure, if you have some file that two separate scripts import, and in > said file you generate some value-- as long as that value will be the > same at all times, it'll appear that the two scripts are sharing some > state. They are not, howe

Re: Deformed Form

Ok. Starting over. Here is the script that "generates" the variable "new_passengers_curr_customers": #!/usr/bin/python import cgitb; cgitb.enable() import cgi import sys,os sys.path.append(os.getcwd()) import MySQLdb from login import login from Curr_Passengers_Table import Curr_Passengers_Table

Re: Deformed Form

Stephen Hansen suggests I move the line: new_passengers_curr_customers = int(form.getfirst('new_passengers_curr_customers', 0)) from "Script 3" (as he dubs it) to "Script 2". Naturally (though he wouldn't have known) that's how I had it at first. After sending the post that finally cleared up the

Re: Deformed Form

On Sat, Jun 12, 2010 at 11:46 AM, Stephen Hansen wrote: > On 6/12/10 6:19 AM, Victor Subervi wrote: > > You will note those very first lines. This also addresses two other > > responders who believed perhaps I had called the variable from the form > in > > question more t

Re: Deformed Form

On Sat, Jun 12, 2010 at 1:58 PM, Stephen Hansen wrote: > The only suggestion I have is: try dumping all the .pyc's. > Interestingly, ls -al reveals *no* *.pyc files. Yeah, that problem caught me once as well. TIA, beno -- http://mail.python.org/mailman/listinfo/python-list

Re: Deformed Form

Stephen Hansen suggests running this line before running or testing code: python -m compileall -f . Noted. Will do. Stephen also mentions, along with many others, that using CGI these days is silly (my word). Noted. I'll switch over, but not today. Got other things more pressing ;) DavidA corr

Re: Deformed Form

On Wed, Jun 16, 2010 at 2:09 PM, Dave Angel wrote: > Fix any one of them, and I'd probably have kept quiet. > Thanks for piping up ;) beno > > -- http://mail.python.org/mailman/listinfo/python-list

If Not CGI...

Hi; I've caught a lot of flack (imagine that) about using CGI. I understand there are several other options, to wit: mod_python, fastcgi and wcgi. I've messed around with mod_python without luck. What are your suggestions? TIA. beno -- http://mail.python.org/mailman/listinfo/python-list

Re: If Not CGI...

I really can't begin to thank you guys enough. Great information, goes without saying. A lot to consider. I would like to explore rewriting the shopping cart in Django. The reality of the matter may make it difficult. Working literally from the time I awake to when I go to sleep and not having enou

Re: If Not CGI...

On Mon, Jun 21, 2010 at 9:03 AM, Tim Chase wrote: > On 06/21/2010 07:40 AM, Victor Subervi wrote: > >> I would like to explore rewriting the shopping cart in Django. >> The reality of the matter may make it difficult. Working >> literally from the time I awake to wh

Another MySQL Problem

Hi; I have this line: cursor.execute('select clientEmail from clients where client=%s', (string.replace(client, '_', ' '))) clientEmail = cursor.fetchone()[0] cursor.execute('select * from %s' % (client)) client = "Lincoln_Properties" With the replacement, the interpreter complains that myd

Re: Another MySQL Problem

On Wed, Jun 23, 2010 at 10:25 AM, Stephen Hansen wrote: > On 6/23/10 6:45 AM, Victor Subervi wrote: > > Hi; > > I have this line: > > > > cursor.execute('select clientEmail from clients where client=%s', > > (string.replace(client, '_&

Re: Another MySQL Problem

Ok, let's start all over again. When I have this code: cursor.execute('select clientEmail from clients where client="%s"', (client.replace('_', ' '),)) clientEmail = cursor.fetchone()[0] I get this error: /var/www/html/globalsolutionsgroup.vi/mailSpreadsheet.py 67 68 ''' 69 70

Re: Another MySQL Problem

On Wed, Jun 23, 2010 at 12:51 PM, Stephen Hansen wrote: > The problem is not this line but: > > > File "/var/www/html/globalsolutionsgroup.vi/mailSpreadsheet.py", line > 38, in mailSpreadsheet > cursor.execute('select * from %s', (client,)) > > > This one. > Yes, can't use the comma, must

Re: Another MySQL Problem

On Thu, Jun 24, 2010 at 1:56 AM, John Nagle wrote: > On 6/23/2010 10:59 PM, Dennis Lee Bieber wrote: > >> On Wed, 23 Jun 2010 11:58:24 -0430, Victor Subervi >> declaimed the following in >> gmane.comp.python.general: >> >> >> When I have this code:

Re: Another MySQL Problem

On Thu, Jun 24, 2010 at 9:34 AM, Stephen Hansen wrote: > On Thu, Jun 24, 2010 at 4:47 AM, Victor Subervi > wrote: > >> On Thu, Jun 24, 2010 at 1:56 AM, John Nagle wrote: >> > Yes. Please post your CREATE statements, so we can see your >>> database schema.

Re: Another MySQL Problem

On Fri, Jun 25, 2010 at 2:15 AM, Dennis Lee Bieber wrote: > On Thu, 24 Jun 2010 09:59:41 -0430, Victor Subervi > declaimed the following in > gmane.comp.python.general: > >I could have sworn the concept had been brought up some 8 months > ago... Probably couched in r

More MySQL Stuff

Hi; So I'm launching into a major rewrite of my shopping cart because I've finally woken up to the challenge of injection attacks. One of my major problems is that many column names are determined when the shopping cart is built. For example, how many photos are to be uploaded is determined that wa

Re: More MySQL Stuff

On Mon, Jun 28, 2010 at 12:11 PM, Stephen Hansen wrote: > On 6/28/10 9:10 AM, Victor Subervi wrote: > >> Hi; >> So I'm launching into a major rewrite of my shopping cart because I've >> finally woken up to the challenge of injection attacks. One of my major >

pysandbox 1.0: a new sandbox for Python

mport Sandbox def func(a, b): return a + b sandbox = Sandbox() print sandbox.call(func, 1, 2) Example with execute() method: from sandbox import Sandbox, SandboxConfig sandbox = Sandbox(SandboxConfig('stdout')) sandbox.execute('print("Code executed in the sandbox")') Get more information in the README file. pysandbox is based on the safelite project written by Tav. Victor -- http://mail.python.org/mailman/listinfo/python-list

Re: More MySQL Stuff

On Mon, Jun 28, 2010 at 2:24 PM, Emile van Sebille wrote: > On 6/28/2010 9:10 AM Victor Subervi said... > >> Any other suggestions? >> > > > http://www.databaseanswers.org/tutorial4_db_schema/index.htm Thanks. Good tutorial. beno -- http://mail.python.org/mailman/listinfo/python-list

Re: Solutions for hand injury from computer use

Emile van Sebille wrote: > When I started having trouble about ten years ago, I switched to a > keyboard with integrated mouse pad. No problems since... Where did you find that? I've been looking for one. (Assuming you mean a trackpad, and not a mouse pad.) That said, my own solution was the

Is This Open To SQL Injection?

Hi; I have this code: sql = 'insert into personalDataKeys values (%s, %s, %s)' % (store, user, ', %s'.join('%s' * len(col_vals)) cursor.execute(sql, col_vals) Is this open to injection attacks? If so, how correct? TIA, beno -- http://mail.python.org/mailman/listinfo/python-list

Re: Is This Open To SQL Injection?

On Wed, Jul 7, 2010 at 2:22 PM, Stephen Hansen wrote: > First, its always best to be explicit with insert statements. Meaning, > don't rely on the underlining structure of a table, as in: > > INSERT INTO YourRandomTable VALUES ("my", "value", "here"); > > Instead, do: > > INSERT INTO YourRandomTab

Re: Python -- floating point arithmetic

Zooko O'Whielacronx wrote: > I'm starting to think that one should use Decimals by default and > reserve floats for special cases. Only if one has Power6 (or 7) which has hardware support for BCD. Otherwise you will have slow applications. Victor. -- Victor Eijkhout --

Re: Is This Open To SQL Injection?

On Thu, Jul 8, 2010 at 10:45 AM, Stephen Hansen wrote: > On 7/8/10 6:20 AM, Victor Subervi wrote: > > However, I now have another error. Here is my current command: > > > > cursor.execute("insert into personalDataKeys (Store, User, > > useFirstName, useLas

Re: Is This Open To SQL Injection?

I've come to the realization that I don't need FKs at all here. Essentially, what I need to do is consult personalDataKeys simply to determine what data should be loaded into and retrieved from personalData. I was mistaken because the data are not interdependent, it only appeared that way superfici

MySQL One More Again

Hi; I have the following code: cursor.execute('select MyTable from optionsDetails where Store=%s', (store,)) options_tables = [item[0] for item in cursor] for table in options_tables: cursor.execute('select * from %' % table) You can already see what my question is. One of y'all

<    2   3   4   5   6   7   8   >