Updating a filename's counter value failed each time

Alister alister.ware at ntlworld.com
Mon Jun 17 15:05:07 EDT 2013


On Mon, 17 Jun 2013 21:06:16 +0300, Νίκος wrote:
> 
> But the comma inside the execute statement doesn't protect me from such
> actions, as opposed to when I was using a substitute operator?

You are correct Nicos, passing the values as a parameter list does
protect you from SQL injection; JT has made an error.
> 
>> I would guess because you forgot the quotes around string values in your
>> SQL statement which thus wasn't executed.
> 
> I tried your suggestions:
> 
> cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit =
> %s WHERE url = "%s"''', (host, lastvisit, filename) )
> 
> seems the same as:
> 
> cur.execute('''UPDATE files SET hits = hits + 1, host = %s, lastvisit =
> %s WHERE url = %s''', (host, lastvisit, filename) )
> 
> Since everything is triple quoted already, what would the difference be
> in "%s" as opposed to plain %s ?

As already noted, JT made an error in assuming you were using string
substitution & not passing parameters; the quotes are not required & will
cause errors.

As to your problem, you have already been advised that update does not
generate any returned data.
To see the data you need to issue a select.

To make debugging easier I suggest you need to use an easier way to see
what is happening in the database.
Assuming you are using MySQL then phpMyAdmin may help.

Also, as I have previously suggested, it would be wise to keep this system
off the internet until you are satisfied it is working correctly &
secure.
  



-- 
If God had really intended men to fly, he'd make it easier to get to the
airport.
		-- George Winters
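
An added example, not part of the original post or the poster's code, contrasting the parameter-tuple call discussed in the thread with string substitution and with a quoted placeholder, and showing that an UPDATE needs a follow-up SELECT to see the data. It assumes Python's built-in sqlite3 in place of MySQL, so the placeholder is `?` rather than `%s`; the table rows and the filename value are constructed.

```python
import sqlite3

# Constructed filename value that changes the WHERE clause if it is pasted into SQL text.
CONSTRUCTED_FILENAME = "x' OR '1'='1"

def make_db():
    """In-memory table shaped like the thread's `files` table (constructed rows)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE files (url TEXT PRIMARY KEY, hits INTEGER,"
                " host TEXT, lastvisit TEXT)")
    con.executemany("INSERT INTO files VALUES (?, 0, '', '')",
                    [("a.txt",), ("b.txt",)])
    return con

def hits(con):
    """UPDATE returns no rows, so read the counters back with a SELECT."""
    return dict(con.execute("SELECT url, hits FROM files ORDER BY url"))

def update_params(con, host, lastvisit, filename):
    """Values travel as a parameter tuple and are never parsed as SQL."""
    cur = con.execute(
        "UPDATE files SET hits = hits + 1, host = ?, lastvisit = ? WHERE url = ?",
        (host, lastvisit, filename))
    return cur.rowcount  # number of rows the UPDATE changed

def update_substituted(con, host, lastvisit, filename):
    """String substitution: the value becomes part of the statement text."""
    sql = ("UPDATE files SET hits = hits + 1, host = '%s', lastvisit = '%s' "
           "WHERE url = '%s'" % (host, lastvisit, filename))
    return con.execute(sql).rowcount

def update_quoted_placeholder(con, host, lastvisit, filename):
    """A quoted placeholder is a string literal, so one value has no slot."""
    try:
        con.execute("UPDATE files SET hits = hits + 1, host = ?, lastvisit = ? "
                    "WHERE url = '?'", (host, lastvisit, filename))
    except sqlite3.ProgrammingError as exc:  # sqlite3: binding count mismatch
        return "error: %s" % exc
    return "ok"

if __name__ == "__main__":
    con = make_db()
    print(update_params(con, "h", "2013-06-17", "a.txt"), hits(con))
    print(update_params(con, "h", "2013-06-17", CONSTRUCTED_FILENAME), hits(con))
    print(update_substituted(con, "h", "2013-06-17", CONSTRUCTED_FILENAME), hits(con))
    print(update_quoted_placeholder(con, "h", "2013-06-17", "a.txt"))
```
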


