Beginner question!
kyosohma at gmail.com
kyosohma at gmail.com
Fri Dec 21 15:54:13 EST 2007
On Dec 21, 1:44 pm, SMALLp <po... at email.t-com.hr> wrote:
> Carsten Haese wrote:
> > On Fri, 2007-12-21 at 18:06 +0100, SMALLp wrote:
> >>>> sql ="INSERT INTO "+dataTable+" (user_name, file_name, file_size,
> >>>> file_path_local, file_path_FTP, curent_location, FTP_valid_time,
> >>>> uploaded, last_modified, last_verified, file_type, file_category) VLAUES
> >>>> "+data
> >>>> cursor.execute(sql)
>
> >> Thanks! I solved the problem. And I thing i understand now.
>
> > You may have solved your initial problem, but the above snippet raises
> > two red flags:
>
> > 1) Why is the table name coming from a variable? This implies to me that
> > you a working with a collection of tables with different names that all
> > have the same column names. If that is the case, that smells of really
> > bad database design. If at all possible, those tables should be merged
> > into one table that has an additional column (or set of columns) for
> > distinguishing which "fragment" each row is in.
>
> > 2) Sticking literal values into an SQL query string is a bad idea. You
> > should learn about parametrized queries, e.g. here:
> >http://informixdb.blogspot.com/2007/07/filling-in-blanks.html
>
> > Hope this helps,
>
> Good question. I'm using only one tale and have no idea why i had table
> name from variable. But every new knowledge comes handy.
>
> One more question. How does my code looks like. I couldn't find any open
> source program written in python to learn from, so i read some tutorials
> and I'm not sure about how it looks.
You couldn't find any programs written in Python? What the!?
Here's a few:
http://cheeseshop.python.org/pypi/UliPad/3.6/
http://spambayes.sourceforge.net/
http://sourceforge.net/softwaremap/trove_list.php?form_cat=178
Mike
More information about the Python-list
mailing list