cannot concatenate 'str' and 'list' objects

Chris Angelico rosuav at gmail.com
Sat Sep 15 11:23:09 EDT 2012 

On Sun, Sep 16, 2012 at 1:06 AM, Νικόλαος Κούρας <nikos.gr33k at gmail.com> wrote:
> Previous webhost has the same flaw as well, look:
>
> http://www.errorweb.gr/~nikos/cgi-bin/
>
> giving away all my scripts.
>
> Webhost misconfiguration in both hosts!

And when I look at the scripts, I see things that do not fill me with
confidence. You appear to be reinventing the wheel, and making it
hexagonal in the process. That's not to say you shouldn't tinker with
wheel design now and then, but as Roy said, the consequences get quite
severe once you're hosting a web site to the world.

I've been guilty of the same sorts of issues myself. I was poking at
some old code today (code that dates back a few years to when I was
new to PHP and didn't know of any other way to make a dynamic web site
other than CGI) and found some pretty ridiculous coding bloopers.
Stuff that didn't stop the site's primary functionality from working,
but it sure isn't what I'd call good code. Some day I'll rewrite it
all... some day I'll have time available... anyway.

Your counter.py appears to be doing what most people do after the fact
with log-file analysis. It's usually a lot better to simply parse
Apache's log files to find out how many people view your pages, rather
than maintaining the statistics. This has a race condition in it:

	# update existing visitor record if same pin and same host found
	try:
		cursor.execute( '''UPDATE visitors SET hits = hits + 1, agent = %s,
date = %s WHERE pin = %s AND host = %s''', (agent, date, pin, host))
	except MySQLdb.Error, e:
		print ( "Error %d: %s" % (e.args[0], e.args[1]) )
	
	# insert new visitor record if above update did not affect a row
	if cursor.rowcount == 0:
		cursor.execute( '''INSERT INTO visitors(pin, host, hits, agent,
date) VALUES(%s, %s, %s, %s, %s)''', (pin, host, 1, agent, date) )


If two page loads simultaneously execute this code, they'll both fail
to update, and then both attempt to insert.

Also, it's extremely insecure to simply print your database errors.
Emit them to a separate log file that only you have access to, and
monitor that log while you're developing. Once you're done developing,
switch to an alert system if you can, because SQL errors should never
occur (obviously don't alert if there are specific errors that you
intend to cause and catch).

See if you can replace the whole mess of CGI scripts with flat HTML
files and AWStats. You'll have much more flexibility in hosting
company choice, less risk of security breaches, and much MUCH easier
management.

ChrisA

More information about the Python-list mailing list