Another Little MySQL Problem
Alister
alister.ware at ntlworld.com
Wed May 26 16:17:02 EDT 2010
On Wed, 26 May 2010 12:43:29 -0700, John Nagle wrote:
> Kushal Kumaran wrote:
>> On Tue, 2010-05-25 at 14:45 -0400, Victor Subervi wrote:
>>> Hi;
>>> I have this code:
>>>
>>> clientCursor.execute('select ID from %s' % (personalDataTable))
>>> upds = [itm[0] for itm in clientCursor] print "<input
>>> type='hidden' name='upds' value='%s' />" % upds
>>>
>>> The problem is that the values passed are 1L, 2L.... When I retrieve
>>> them on the other end and try to convert them to integers, guess what
>>> happens? So how do I get rid of that "L"?
>
> What's the table definition?
>
> John Nagle
I think you should probably also write your execuete diferently:
>>> clientCursor.execute('select ID from %s' , (personalDataTable,))
this ensures the parameters are correctly escaped to prevent mysql
injection attacks,the "," after personalDataTable is necessary to ensure
the parameter is passed as a tupple
However I am fairly new so could be mistaken on exactly what your code
does.
--
If you analyse anything, you destroy it.
-- Arthur Miller
More information about the Python-list
mailing list