[Tutor] Overriding MySQLdb.cursors.DictCursor.execute()
Kent Johnson
kent37 at tds.net
Sat Aug 8 14:51:05 CEST 2009
On Fri, Aug 7, 2009 at 10:18 PM, Tim Johnson<tim at johnsons-web.com> wrote:
> Hello:
> I am currently using python 2.5 and do a lot of database programming
> with MySQLdb.
>
> I need to tighten up control over queries since I am concerned about
> malicious injections.
If you use the two argument form of cursor.execute - passing the
parameter values in a sequence, rather than substituting them yourself
- then you have to worry about injection attacks. The DB-API module
should take care of any required escaping.
> It would seem to me that overriding the execute() methods for both
> objects would entail the least amount of code maintenance and
> modification. I've used python for a long time, but not done much
> with object inheritance.
> The following code:
> class mysql_row_cursor(MySQLdb.cursors.DictCursor):
>     def __init__(self):
>         pass
> # results in the following error message:
> class mysql_row_cursor(MySQLdb.cursors.DictCursor):
> AttributeError: 'module' object has no attribute 'cursors'
> # say what? MySQLdb has been imported...
You have to explicitly import subpackages. Try
import MySQLdb.cursors
Kent
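
Added example, not part of the original message: a runnable comparison of string substitution with the two-argument form of cursor.execute() discussed above, plus a cursor subclass that overrides execute() in the way the question asks about. Assumptions: sqlite3 stands in for MySQLdb so it runs without a server (MySQLdb uses %s placeholders where sqlite3 uses ?), it is written for Python 3, and StrictCursor, the table and the input value are hypothetical.

```python
import sqlite3

# Assumption: sqlite3 stands in for MySQLdb so this runs without a server.
# sqlite3 placeholders are "?"; MySQLdb uses "%s" in the same position.


class StrictCursor(sqlite3.Cursor):
    """Hypothetical subclass: reject SQL carrying quoted literals but no parameters."""

    def execute(self, sql, params=()):
        # Crude guard for illustration only; binding the values is the real defence.
        if not params and ("'" in sql or '"' in sql):
            raise ValueError("pass values as parameters, not inside the SQL text")
        return super().execute(sql, params)


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])  # constructed rows
    return conn


def lookup_substituted(conn, name):
    # Value formatted into the SQL text: input can change the query's structure.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    # Two-argument form: the driver binds the value, so it is only ever data.
    cur = conn.cursor(StrictCursor)
    cur.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in cur.fetchall())


CONSTRUCTED_INPUT = "nobody' OR '1'='1"  # constructed test value

if __name__ == "__main__":
    db = make_db()
    print(lookup_substituted(db, CONSTRUCTED_INPUT))    # every row matches
    print(lookup_parameterized(db, CONSTRUCTED_INPUT))  # no row has that name
    print(lookup_parameterized(db, "alice"))
```
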