Tuple to string problems

Alastair G. Hogge agh at tpg.com.au
Sun Aug 17 23:23:59 EDT 2003 

Heather Coppersmith wrote:

> On Sun, 17 Aug 2003 12:37:19 +1000,
> "Alastair G. Hogge" <agh at tpg.com.au> wrote:
> 
>> Sean Ross wrote:
>>> 
>>> "Alastair G. Hogge" <agh at tpg.com.au> wrote in message
>>> news:3f3b9080 at dnews.tpgi.com.au...
>>>> So basicly final_qu would be
>>>> ('1','two','hello','2003-08-14','23:32:07') However has stated above
>>>> type(final_qu) return tuple.
>>> 
>>> If final_qu is already a tuple of strings, and what you need is one
>>> string with each string in the tuple concatenated, then you can do this:
>>> 
>>>>>> final_qu = ('1','two','hello','2003-08-14','23:32:07')
>>>>>> final_qu_str = ' '.join(final_qu)
>>>>>> final_qu_str
>>> '1 two hello 2003-08-14 23:32:07'
>>>>>> 
>>> 
>>> If you can't guarantee that each tuple element is a string, try this:
>>>>>> final_qu_str = ' '.join([str(e) for e in final_qu])
>>>>>> final_qu_str
>>> '1 two hello 2003-08-14 23:32:07'
>>>>>> 
>>> 
>>> [str(e) for e in final_qu] creates a list of a strings from the elements
>>> [in
>>> final_qu.
>>> 
>>> HTH
>>> Sean
>> OK. Sorry I didn't quite make myslef clear.
>> final_qu is a string for pydb. The string should be something link:
>> INSERT INTO foo VALUES "('1','two','hello','2003-08-14','23:32:07')"
>> I need the () and each value must be inclosed in '' for the database
>> interface.
> 
> Having just been through this myself, you're playing with fire:  what if
> one of those strings contains a quote character (single or double)?
> 
> Let the database interface do the quoting for you.  I don't know what
> your table looks like, but I see two possibilities (all code untested):
> 
> If your table contains a single column in which you're trying to put
> that whole string:
> 
>     sql = """INSERT INTO foo VALUES (%s)"""
>     params = (repr( final_qu ),) # "str" may work here, too
>     pydbcursor.execute( sql, params )
> 
> If your table contains five columns, one for each element of that tuple:
> 
>     sql = """INSERT INTO foo VALUES (""" \
>           + ','.join( ['%s'] * len( final_qu ) ) \
>           + """)"""
>     params = final_qu
>     pydbcursor.execute( sql, params )
> 
> HTH,
> Heather
> 
OK I removed the all the 's from the string.
But now I get this:
<error>
raise DatabaseError, "error '%s' in '%s'" % ( msg, sql ), referer:
http://nova/~agh/house.html
pgdb.DatabaseError: error 'ERROR:  parser: parse error at or near ":" at
character 155, referer: http://nova/~agh/house.html
' in 'INSERT INTO house VALUES
(1,two,three,four,five,six,seven,eight,nine,ten,eleven,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,N/A,2003-08-18,13:19:06)',
referer: http://nova/~agh/house.html
</error>

As my modifed code:
<code>
#!/usr/local/bin/python

import cgi
import time
import pgdb

def Initialise():
        _dbuser = "agh"
        _dbsource = "127.0.0.1:foo" # dsn.
        _dbname = "foo"
        return (pgdb.connect(dsn=_dbsource, user=_dbuser, database=_dbname))

def AddData(query):
        db = Initialise()
        cur = db.cursor()
        cur.execute(query)
        db.commit()
        cur.close()
        db.close()
# Begin
form = cgi.FieldStorage() # Grab the data from web page form

qu = ""
# Now we put all the form data into one big string for the db query.
for name in form.keys():
        if form[name].value == "Submit":
                qu += str(time.strftime("%Y-%m-%d")) + "," +
str(time.strftime("%H:%M:%S"))
                break
        else:
                qu += form[name].value + ","

StoreData.AddData("INSERT INTO house VALUES (%s)" % (qu))
DisplayContent.WebPage(qu)
</code>

More information about the Python-list mailing list