escape single and double quotes
Scott David Daniels
Scott.Daniels at Acm.Org
Thu Mar 24 12:48:16 EST 2005
Leif B. Kristensen wrote:
> Damjan skrev:
>>For example:
>> SQL = 'INSERT into TEMP data = %s'
>> c.execute(SQL, """ text containing ' and ` and all other stuff we
>> might read from the network""")
> Sure, but does this work if you need more than one placeholder?
Yup.
FWIW,
> here's the whole script. It will fetch data from the table name_parts
> and pump them into the "denormalized" table names ( a real SQL guru
> would probably do the same thing with one single monster query):
>
import psycopg
from re import escape
connection = psycopg.connect("dbname=slekta", serialize=0)
cursor = connection.cursor()
cursor.execute("select * from name_parts")
result = cursor.fetchall()
kind = 'prefix', 'given', 'surname', 'suffix', 'patronym', 'toponym'
for row in result:
if 0 < row[2] <= 6:
cursor.execute("update names set " + kind[row[2] - 1] +
" = %s where name_id = %s",
(row[4], row[1]))
cursor.commit()
connection.close()
1) I would prefer "SELECT name_id, part, name FROM name_parts", rather
than relying on * to return the field names in an expected order
and size as your database evolves. I generally do SQL keywords in
all-caps as documentation for those reading the code later.
2) I suspect that last line of the second execute might need to be:
[(row[4], row[1])])
I don't really remember; I'd just try both and see which works.
3) It is not really clear to when you want to do the commits.
I might be tempted to do the first query with "ORDER BY name_id"
and do a commit after each distinct name_id is finished. This
strategy would keep data for individuals coherent.
4) In fact, I'd leave the data in the database. Perhaps more like a
set of queries like:
UPDATE names
SET names.prefix = name_parts.name
FROM name_parts
WHERE names.name_id = name_parts.name_id
AND name_parts.name_kind = 1
You really need to think about commits when you adopt this strategy.
--Scott David Daniels
Scott.Daniels at Acm.Org
More information about the Python-list
mailing list