473,325 Members | 2,771 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

MySQLdb not updating rows

import md5
import string
import MySQLdb

tc = raw_input("Teacher Code: ")
p = raw_input("New Password: ")

print tc
hash = md5.new()
hash.update(p)
print p
print hash.hexdigest()
h = hash.hexdigest()

boo = raw_input("Sure you want to update password with above details? Y
or N: ")

if boo == 'y':
db = MySQLdb.connect("copweb2", "******", "******", "*******")
cursor = db.cursor()
if cursor.execute("UPDATE teachers SET password = '%s' WHERE
teacher_code = '%s'" % (h, tc)):
print "Done"
else:
print "Error"
else:
print "cancelled"

cursor.close()
db.close()
This code doesn't seem to update my database, anyone any idea why? Is
it me being stupid? It doesn't kick out an error at all.

Jun 28 '06 #1
5 2110
"Bowen" <si***@xiano.co.uk> wrote:
boo = raw_input("Sure you want to update password with above details? Y or N: ")

if boo == 'y':
if you're asking for Y or N, maybe you should check for Y or N ? or better,
use something like:

if boo.lower() == 'y':
...

or even

if boo.lower().startswith("y"):
...
db = MySQLdb.connect("copweb2", "******", "******", "*******")
cursor = db.cursor()
if cursor.execute("UPDATE teachers SET password = '%s' WHERE
teacher_code = '%s'" % (h, tc)):
print "Done"
else:
print "Error"
else:
print "cancelled"

cursor.close()
what happens if you add

db.commit()

here?
db.close()


</F>

Jun 28 '06 #2
Thanks for that, it appears it was the db.commit() that sorted it
out.....lesson learnt :)

Jun 28 '06 #3
Bowen wrote:
import md5
import string
import MySQLdb

tc = raw_input("Teacher Code: ")
p = raw_input("New Password: ")

print tc
hash = md5.new()
hash.update(p)
print p
print hash.hexdigest()
h = hash.hexdigest()

boo = raw_input("Sure you want to update password with above details? Y
or N: ")

if boo == 'y':
db = MySQLdb.connect("copweb2", "******", "******", "*******")
cursor = db.cursor()
if cursor.execute("UPDATE teachers SET password = '%s' WHERE
teacher_code = '%s'" % (h, tc)):
print "Done"
else:
print "Error"
else:
print "cancelled"

cursor.close()
db.close()
This code doesn't seem to update my database, anyone any idea why? Is
it me being stupid? It doesn't kick out an error at all.


Another side note: don't build your queries using (dumb) string formatting,
let the MySQLdb module do it for you. More specifically use:

cursor.execute(
"UPDATE teachers SET password = %s WHERE teacher_code = %s",
(h, tc)
)

instead of

cursor.execute(
"UPDATE teachers SET password = '%s' WHERE teacher_code = '%s'"
% (h, tc)
)

The former form takes care of quoting and escaping, your version did not
escape potentially harmful characters in tc, resulting in a possibly opened
door for SQL injection attacks.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://pink.odahoda.de/
Jun 28 '06 #4
Thanks for that tip, it's a simple script that I am experimenting on,
planning to build a custon gui for my database. It is definately
something for me to note in the future.

Thanks again.

Jun 28 '06 #5
In article <11**********************@d56g2000cwd.googlegroups .com>,
"Bowen" <si***@xiano.co.ukwrote:
>In article <e7**********@online.de>, Benjamin Niemann <pi**@odahoda.de>
wrote:
>>Another side note: don't build your queries using (dumb) string formatting,
let the MySQLdb module do it for you.

Thanks for that tip, it's a simple script that I am experimenting on,
planning to build a custon gui for my database. It is defin[i]tely
something for me to note in the future.
Best get into the habit of doing careful quoting NOW, not "in the
future". Otherwise you will inadvertently leave yourself open to an SQL
injection attack at some point in the future.
Jul 2 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Chris Stromberger | last post by:
When issuing updates in mysql (in the console window), mysql will tell you if any rows matched and how many rows were updated (see below). I know how to get number of rows udpated using MySQLdb,...
1
by: Sheila King | last post by:
I have searched for an answer to this question on the comp.lang.python archives at Google Groups, and also looked through the (sparse) MySQLdb documentation, and cannot confirm for a FACT what I...
1
by: JZ | last post by:
I cannot execute insert data into TEXT field if that data is bigger than 64KB. :( >>> cursor.execute("INSERT INTO table (field) VALUES(%s) WHERE id=1", myValue) Traceback (most recent call...
2
by: Tim Williams | last post by:
I'm trying to write a simple python program to access a MySQL database. I'm having a problem with using MySQLdb to get the results of a SQL command in a cursor. Sometimes the cursor.execute works,...
21
by: John Fabiani | last post by:
Hi, I'm a newbie and I'm attempting to learn howto create a select statement. When I use >>> string1='18 Tadlock Place' >>> cursor.execute("SELECT * FROM mytest where address = %s",string1) All...
4
by: Lajos Kuljo | last post by:
Hallo, ich bin voll neu im Python-Programming, deshalb ist mein Problem wahrscheinlich trivial: Wenn ich die Script #########################################33 #! /usr/bin/env python import...
5
by: Lorenzo | last post by:
I'm trying to use some of the agg functions in MySQLdb (avg, min, max), but they're just not working as I would expect. They all return the value 1 when executed as part of Python scripts, but work...
2
by: Nikhil | last post by:
I am using the MySQLdb python module. I have a table named 'testing' with few columns, under the 'test' database, what is hosted on a remote mysql server. I want to run the following query to...
0
by: Edwin.Madari | last post by:
replace the name of table before calling *.execute. s.dbptr.execute(str % (e)) good luck. Edwin -----Original Message----- From: python-list-bounces+edwin.madari=verizonwireless.com@python.org...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.