Beginner question!

SMALLp pofuk at email.t-com.hr
Fri Dec 21 14:44:16 EST 2007


Carsten Haese wrote:
> On Fri, 2007-12-21 at 18:06 +0100, SMALLp wrote:
>>>>                 sql ="INSERT INTO "+dataTable+" (user_name, file_name, file_size,
>>>> file_path_local, file_path_FTP, curent_location, FTP_valid_time,
>>>> uploaded, last_modified, last_verified, file_type, file_category) VLAUES
>>>> "+data
>>>>                 cursor.execute(sql)
> 
>> Thanks! I solved the problem. And I think I understand now.
> 
> You may have solved your initial problem, but the above snippet raises
> two red flags:
> 
> 1) Why is the table name coming from a variable? This implies to me that
> you are working with a collection of tables with different names that all
> have the same column names. If that is the case, that smells of really
> bad database design. If at all possible, those tables should be merged
> into one table that has an additional column (or set of columns) for
> distinguishing which "fragment" each row is in.
> 
> 2) Sticking literal values into an SQL query string is a bad idea. You
> should learn about parametrized queries, e.g. here:
> http://informixdb.blogspot.com/2007/07/filling-in-blanks.html
> 
> Hope this helps,
> 
Good question. I'm using only one table and have no idea why I had the table 
name from a variable. But every new knowledge comes in handy.

One more question. How does my code look? I couldn't find any open 
source program written in Python to learn from, so I read some tutorials 
and I'm not sure about how it looks.
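
The parametrized-query advice from the quoted reply, as an added example that is not part of the original thread: it runs the concatenated INSERT and a parametrized one against the same row, whose file name contains an apostrophe. It assumes Python's built-in sqlite3 module in place of the poster's database driver, a table named `files` with a reduced column set, and hypothetical function names.

```python
import sqlite3

# Assumption: the only table this code is ever allowed to write to.
ALLOWED_TABLES = {"files"}

COLUMNS = ("user_name", "file_name", "file_size", "file_type")


def open_db():
    """In-memory database with a reduced version of the thread's table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE files (user_name TEXT, file_name TEXT, "
        "file_size INTEGER, file_type TEXT)"
    )
    return conn


def insert_concatenated(conn, table, row):
    """The pattern from the thread: values pasted into the SQL text."""
    values = ", ".join("'%s'" % v for v in row)
    sql = "INSERT INTO " + table + " (" + ", ".join(COLUMNS) + ") VALUES (" + values + ")"
    conn.execute(sql)


def insert_parametrized(conn, table, row):
    """Values travel as bound parameters; the table name is allow-listed."""
    if table not in ALLOWED_TABLES:
        raise ValueError("unexpected table name: %r" % (table,))
    placeholders = ", ".join("?" for _ in COLUMNS)
    sql = "INSERT INTO %s (%s) VALUES (%s)" % (table, ", ".join(COLUMNS), placeholders)
    conn.execute(sql, row)


def demo():
    conn = open_db()
    row = ("alice", "alice's notes.txt", 2048, "text")  # constructed sample row
    try:
        insert_concatenated(conn, "files", row)
        concatenated_ok = True
    except sqlite3.Error:
        concatenated_ok = False  # the apostrophe ended the string literal early
    insert_parametrized(conn, "files", row)
    stored = conn.execute("SELECT file_name, file_size FROM files").fetchall()
    return concatenated_ok, stored
```

Placeholders can only stand in for values, which is why the table name is checked against a fixed set instead of being bound. The placeholder marker differs between drivers (`?` here, `%s` in some others).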


