TypeError: iterable argument required

Wed Apr 6 09:54:23 EDT 2011

On Wednesday, April 6, 2011 6:06:06 AM UTC-4, Νικόλαος Κούρας wrote:
>
> The trouble was in `if "@" in mail` .
> You can only test somthing `in` something else if the second thing is
> iterable and None isnt.
> 
> So i made the code look like this:
> 
> [code]
> if ( mail is not None and '@' in mail ) and comment not in ("Ρωτήστε
> με σχετικά...", "", None):
> [/code]
> 
> Now it works like i wanted but i want to ask you if i wrote it
> correctly, especially when i check against `""` and None

You can also use an empty string as the default value when getting the field value, which would simplify your test by eliminating None as a possibility. The particulars will depend on your framework. For example, cgi.FieldStorage has a getfirst method that takes a default value as the 2nd parameter. 

Also, a simple OR statement can eliminate the None. For example: mail = mail or ''. Since None is False, the statement returns the right-hand operand, which is an empty string ''.

> And please explain to me the difference betweeen an empty string `""`
> and None. An empty string is still a string with zero characters 
> within?

Yes, an empty string is still of type 'str'. None is Python's null value of type 'NoneType'. Its boolean value is False, and it does nothing special and cannot be subclassed. When a function doesn't explicitly return a value, it implicitly returns None.

> > Yes, I made a mistake. It should have been `cursor.execute(SQL_COMMENT_FORM, (mail, comment))`, using a comma instead of a '%' to have it generate SQL string literals from the tuple.
> 
> What do you mean by  "to have it generate SQL string literals from the
> tuple." Please explain

Here's an amusing warning from the Psycopg (PostgreSQL) docs:

"Warning: Never, never, NEVER use Python string concatenation (+) or string parameters interpolation (%) to pass variables to a SQL query string. Not even at gunpoint."

The line I wrote not only didn't properly quote or escape the data values, but it probably also broke the protection from a SQL injection attack. Always list the data in the 2nd parameter as a tuple.