more pythonic
Temoto
temotor at gmail.com
Thu Feb 28 09:58:44 EST 2008
On 28 фев, 15:42, Paul McGuire <pt... at austin.rr.com> wrote:
> On Feb 28, 5:40 am, Temoto <temo... at gmail.com> wrote:
>
>
>
> > Hello.
>
> > There is a Django application, i need to place all its data into
> > Access mdb file and send it to user.
> > It seems to me that params filling for statement could be expressed in
> > a more beautiful way.
> > Since i'm very new to Python, i don't feel that, though.
>
> > Could you tell your opinion on that snippet?
>
> > <code>
> > sql = """insert into salesmanager
> > (employeeid, name, officelocation, departmentname, salary)
> > values (?, ?, ?, ?, ?);"""
> > params = []
> > for manager in Manager.objects.all():
> > params.append( (manager.id, manager.name, manager.office,
> > manager.department, manager.salary) )
> > curs.executemany(sql, params)
> > </code>
>
> Replace:
> params = []
> for manager in Manager.objects.all():
> params.append( (manager.id, manager.name,
> manager.office, manager.department,
> manager.salary) )
>
> With this list comprehension:
>
> params = [ (mgr.id, mgr.name, mgr.office,
> mgr.department, mgr.salary)
> for mgr in Manager.objects.all() ]
>
> But the technique you are using, of creating a params list instead of
> doing explicit string construction, IS the safe SQL-injection-
> resistant way to do this.
>
> -- Paul
Thanks a lot. I've been actually waiting for a list comprehension.
More information about the Python-list
mailing list