Beginner question!

Carsten Haese carsten at uniqsys.com
Fri Dec 21 12:52:58 EST 2007


On Fri, 2007-12-21 at 18:06 +0100, SMALLp wrote:
> >>                 sql ="INSERT INTO "+dataTable+" (user_name, file_name, file_size,
> >> file_path_local, file_path_FTP, curent_location, FTP_valid_time,
> >> uploaded, last_modified, last_verified, file_type, file_category) VLAUES
> >> "+data
> >>                 cursor.execute(sql)

> Thanks! I solved the problem. And I think I understand now.

You may have solved your initial problem, but the above snippet raises
two red flags:

1) Why is the table name coming from a variable? This implies to me that
you are working with a collection of tables with different names that all
have the same column names. If that is the case, that smells of really
bad database design. If at all possible, those tables should be merged
into one table that has an additional column (or set of columns) for
distinguishing which "fragment" each row is in.

2) Sticking literal values into an SQL query string is a bad idea. You
should learn about parametrized queries, e.g. here:
http://informixdb.blogspot.com/2007/07/filling-in-blanks.html

Hope this helps,

-- 
Carsten Haese
http://informixdb.sourceforge.net
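
Both points from the message above, shown as an added example that is not part of the original post: the values go to the driver as bound parameters, and the variable table name is checked against a fixed allowlist because identifiers cannot be bound. It assumes the standard-library sqlite3 module as a stand-in database and hypothetical table names; the column names come from the quoted snippet, and the placeholder style ("?" here) depends on the DB-API driver's paramstyle.

```python
import sqlite3

# Columns taken from the snippet quoted in the post.
COLUMNS = ("user_name", "file_name", "file_size", "file_path_local",
           "file_path_FTP", "curent_location", "FTP_valid_time", "uploaded",
           "last_modified", "last_verified", "file_type", "file_category")

# Hypothetical table names (assumption). Identifiers cannot be bound as
# parameters, so a variable table name is checked against a fixed allowlist.
ALLOWED_TABLES = frozenset({"files", "files_archive"})


def create_table(conn, table):
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % (table,))
    conn.execute("CREATE TABLE %s (%s)" % (table, ", ".join(COLUMNS)))


def insert_file(conn, table, row):
    """Insert one row; values travel as bound parameters, never as SQL text."""
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % (table,))
    if len(row) != len(COLUMNS):
        raise ValueError("expected %d values" % len(COLUMNS))
    placeholders = ", ".join("?" for _ in COLUMNS)  # sqlite3 uses qmark style
    sql = "INSERT INTO %s (%s) VALUES (%s)" % (
        table, ", ".join(COLUMNS), placeholders)
    conn.execute(sql, tuple(row))


def demo():
    conn = sqlite3.connect(":memory:")
    create_table(conn, "files")
    # Constructed sample row: the file name contains a quote and SQL text.
    hostile = "report'); DROP TABLE files; --"
    row = ("alice", hostile, 1024, "/tmp/a", "/pub/a", "local",
           "2007-12-31", 1, "2007-12-21", "2007-12-21", "txt", "docs")
    insert_file(conn, "files", row)
    # The value comes back byte for byte and the table still exists.
    stored = conn.execute("SELECT file_name FROM files").fetchall()
    return stored, hostile


if __name__ == "__main__":
    print(demo())
```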




