Why Is Escaping Data Considered So Magical?

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Sun Jun 27 07:51:16 EDT 2010


In message <mailman.2183.1277623909.32709.python-list at python.org>, Ian Kelly 
wrote:

> On Sat, Jun 26, 2010 at 8:31 PM, Lawrence D'Oliveiro
> <ldo at geek-central.gen.new_zealand> wrote:
>
>> Except I only needed two calls to SQLString, while you need two dozen
>> instances of that repetitive items.c boilerplate.
>>
>> As a human, being repetitive is not my job. That’s what the computer is
>> for.
> 
> Then why do you have every parameter prefixed with "modify_"? 8-)

Touché :). Actually it’s because the same form can be used to add a new 
record to the table, so there’s a separate set of input fields for that.

> But seriously, if that bothers you, then fold the "items.c." portion
> into the generator expression with a getattr call.  Or just change
> them back to the same strings you had originally, and sqlalchemy will
> be just as happy to accept them as-is.

All this trouble, and it only gets rid of 2 of the 3 instances of data-
escaping in the example.


