MySQLdb, lots of columns and newb-ness
Fredrik Lundh
fredrik at pythonware.com
Wed Dec 20 03:22:59 EST 2006
Andrew Sackville-West wrote:
> I've also tried building tuples and lists and then using this
>
> cursor.execute("insert into daily values (%s)", values)
>
> with no luck. it appears to me that I have to put in all 132 '%s' in
> order to make that work and that just seems stupid.
on the other hand, hackers just *love* people who think they're too
clever to do things in a safe and robust way:
http://en.wikipedia.org/wiki/SQL_injection
using parameterized inserts also speeds things up for many databases,
since the database engine don't have to parse and and analyze the sql
statement over and over and over again.
to quickly generate the parameter list, use string repeat to create the
parameter list:
params = "(" + ",".join(["%s"]*len(values)) + ")"
cursor.execute("insert into daily values " + params, values)
you probably want to do some normalization work on your database too,
but that's another story.
</F>
More information about the Python-list
mailing list