Tuple to string problems

[John Roth]

"Alastair G. Hogge" <agh at tpg.com.au> wrote in message
news:3f3b9080 at dnews.tpgi.com.au...
> Hello *,
>
> I'm using Python and the cgi module to retrive data from a HTML form.
> I'm then trying to get that information into a string. But efforts fail
when
> I run type(foo) on my string. type() returns tuple.

At a guess, the problem is in the SeAnRe package. I suspect that
it's using eval() on the input, which will detect the parenthesis and
convert the input into a tuple.

This is, by the way, a *very bad thing to do*, because it can lead
to interesting results when you feed it unchecked data. At least,
they're interesting if you're interested in breaking (or breaking into)
a system.

So the short answer is to not put parenthesis around the string.
The long answer is to use a different package; one that doesn't
use eval(), exec or equivalent.

HTH

John Roth


>
> My codes follows:
> #!/usr/local/bin/python
>
> import cgi
> import time
> import SeAnRe
>
> # Begin
> form = cgi.FieldStorage() # Grab the data from web page form
>
> qu = "("
> for name in form.keys():
>         qu += "'" + str((form[name].value)) + "',"
>
>
> # Now we remove the 'Submit' text added by form key above and replace it
> with it with the date, time and a closing ")"
> tail = "'" + str(time.strftime("%Y-%m-%d")) + "','" +
> str(time.strftime("%H:%M:%S")) + "')"
> final_qu = SeAnRe.Action("'Submit',", tail, qu)
>
> So basicly final_qu would be ('1','two','hello','2003-08-14','23:32:07')
> However has stated above type(final_qu) return tuple.
> I did get a little advice on running str on every element of final_qu like
> this:
> foo = ""
> for k in final_qu.get_each_value:
>         foo += str(k)
>
> But then I get "AttributeError: 'tuple' object has no attribute
> 'get_each_value"
>
> The reason I need foo to be a string is because I'm using pgdb. A Python
> interface to PostgreSQL.
>
> Any would be great.
> Thanks in advance
> -Al