Hello.
There is a Django application, I need to place all its data into
Access mdb file and send it to user.
It seems to me that params filling for statement could be expressed in
a more beautiful way.
Since I'm very new to Python, I don't feel that, though.
Could you tell your opinion on that snippet?
<code>
    sql = """insert into salesmanager
        (employeeid, name, officelocation, departmentname, salary)
        values (?, ?, ?, ?, ?);"""
    params = []
    for manager in Manager.objects.all():
        params.append( (manager.id, manager.name, manager.office,
                        manager.department, manager.salary) )
    curs.executemany(sql, params)
</code>
On Feb 28, 4:40 am, Temoto <temo...@gmail.com> wrote:
> Hello.
> There is a Django application, I need to place all its data into
> Access mdb file and send it to user.
> It seems to me that params filling for statement could be expressed in
> a more beautiful way.
> Since I'm very new to Python, I don't feel that, though.
> Could you tell your opinion on that snippet?
> <code>
>     sql = """insert into salesmanager
>         (employeeid, name, officelocation, departmentname, salary)
>         values (?, ?, ?, ?, ?);"""
>     params = []
>     for manager in Manager.objects.all():
>         params.append( (manager.id, manager.name, manager.office,
>                         manager.department, manager.salary) )
>     curs.executemany(sql, params)
> </code>
It's my understanding that the way you insert arguments into queries
has to be done in a db specific way. If done in that way, your
queries will be protected against sql injection attacks, AND the query
strings will be constructed in a more efficient manner.
On Feb 28, 4:48 am, 7stud <bbxx789_0...@yahoo.com> wrote:
>
> It's my understanding that the way you insert arguments into queries
> has to be done in a db specific way.
Rather:
It's my understanding that the way you insert arguments into queries
*should* be done in a db specific way.
On Feb 28, 5:40 am, Temoto <temo...@gmail.com> wrote:
> Hello.
> There is a Django application, I need to place all its data into
> Access mdb file and send it to user.
> It seems to me that params filling for statement could be expressed in
> a more beautiful way.
> Since I'm very new to Python, I don't feel that, though.
> Could you tell your opinion on that snippet?
> <code>
>     sql = """insert into salesmanager
>         (employeeid, name, officelocation, departmentname, salary)
>         values (?, ?, ?, ?, ?);"""
>     params = []
>     for manager in Manager.objects.all():
>         params.append( (manager.id, manager.name, manager.office,
>                         manager.department, manager.salary) )
>     curs.executemany(sql, params)
> </code>
Replace:
    params = []
    for manager in Manager.objects.all():
        params.append( (manager.id, manager.name,
                        manager.office, manager.department,
                        manager.salary) )
With this list comprehension:
    params = [ (mgr.id, mgr.name, mgr.office,
                 mgr.department, mgr.salary)
                for mgr in Manager.objects.all() ]
But the technique you are using, of creating a params list instead of
doing explicit string construction, IS the safe SQL-injection-
resistant way to do this.
-- Paul
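The difference between a params list and explicit string construction, as an added example that is not part of the original thread: the same two rows are inserted into the thread's `salesmanager` table both ways. It assumes an in-memory `sqlite3` database in place of the Access connection and a hypothetical `Row` tuple in place of the Django `Manager` objects; the sample rows are constructed.

```python
import sqlite3
from collections import namedtuple

# Constructed stand-in for the Django Manager rows (assumption, not from the
# thread). The second name is a constructed value that closes the quoted
# string early when SQL is built by string formatting.
Row = namedtuple("Row", "id name office department salary")
ROWS = [
    Row(1, "Ann O'Brien", "Austin", "Sales", 50000),
    Row(2, "x', 'HQ', 'Exec', 999999) --", "Remote", "Temp", 1),
]
SCHEMA = """create table salesmanager
    (employeeid integer, name text, officelocation text,
     departmentname text, salary integer)"""
SQL = """insert into salesmanager
    (employeeid, name, officelocation, departmentname, salary)
    values (?, ?, ?, ?, ?);"""


def new_db():
    # In-memory SQLite stands in for the Access/ODBC connection (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_parameterized(rows):
    """The thread's approach: values are bound, never spliced into the SQL."""
    conn = new_db()
    conn.executemany(SQL, [tuple(r) for r in rows])
    query = "select * from salesmanager order by employeeid"
    return conn.execute(query).fetchall()


def insert_string_built(rows):
    """Explicit string construction, for contrast only."""
    conn = new_db()
    outcomes = []
    for r in rows:
        stmt = ("insert into salesmanager values (%d, '%s', '%s', '%s', %d)"
                % tuple(r))
        try:
            conn.execute(stmt)
            outcomes.append("executed")
        except sqlite3.Error as exc:
            outcomes.append("error: " + type(exc).__name__)
    return outcomes, conn.execute("select * from salesmanager").fetchall()
```

With bound parameters both names are stored exactly as given; with string formatting the first row fails to parse and the second is stored with different column values than the application supplied. The `?` marker is the `qmark` style that `sqlite3` reports in `sqlite3.paramstyle`; each DB-API driver publishes its own `paramstyle`, which is the "db specific" part mentioned earlier in the thread.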
On 28 Feb, 15:42, Paul McGuire <pt...@austin.rr.com> wrote:
> On Feb 28, 5:40 am, Temoto <temo...@gmail.com> wrote:
> > Hello.
> > There is a Django application, I need to place all its data into
> > Access mdb file and send it to user.
> > It seems to me that params filling for statement could be expressed in
> > a more beautiful way.
> > Since I'm very new to Python, I don't feel that, though.
> > Could you tell your opinion on that snippet?
> > <code>
> >     sql = """insert into salesmanager
> >         (employeeid, name, officelocation, departmentname, salary)
> >         values (?, ?, ?, ?, ?);"""
> >     params = []
> >     for manager in Manager.objects.all():
> >         params.append( (manager.id, manager.name, manager.office,
> >                         manager.department, manager.salary) )
> >     curs.executemany(sql, params)
> > </code>
> Replace:
>     params = []
>     for manager in Manager.objects.all():
>         params.append( (manager.id, manager.name,
>                         manager.office, manager.department,
>                         manager.salary) )
> With this list comprehension:
>     params = [ (mgr.id, mgr.name, mgr.office,
>                  mgr.department, mgr.salary)
>                 for mgr in Manager.objects.all() ]
> But the technique you are using, of creating a params list instead of
> doing explicit string construction, IS the safe SQL-injection-
> resistant way to do this.
> -- Paul
Thanks a lot. I've been actually waiting for a list comprehension.
On Feb 28, 8:58 am, Temoto <temo...@gmail.com> wrote:
> On 28 Feb, 15:42, Paul McGuire <pt...@austin.rr.com> wrote:
> > On Feb 28, 5:40 am, Temoto <temo...@gmail.com> wrote:
> > > Hello.
> > > There is a Django application, I need to place all its data into
> > > Access mdb file and send it to user.
> > > It seems to me that params filling for statement could be expressed in
> > > a more beautiful way.
> > > Since I'm very new to Python, I don't feel that, though.
> > > Could you tell your opinion on that snippet?
> > > <code>
> > >     sql = """insert into salesmanager
> > >         (employeeid, name, officelocation, departmentname, salary)
> > >         values (?, ?, ?, ?, ?);"""
> > >     params = []
> > >     for manager in Manager.objects.all():
> > >         params.append( (manager.id, manager.name, manager.office,
> > >                         manager.department, manager.salary) )
> > >     curs.executemany(sql, params)
> > > </code>
> > Replace:
> >     params = []
> >     for manager in Manager.objects.all():
> >         params.append( (manager.id, manager.name,
> >                         manager.office, manager.department,
> >                         manager.salary) )
> > With this list comprehension:
> >     params = [ (mgr.id, mgr.name, mgr.office,
> >                  mgr.department, mgr.salary)
> >                 for mgr in Manager.objects.all() ]
> > But the technique you are using, of creating a params list instead of
> > doing explicit string construction, IS the safe SQL-injection-
> > resistant way to do this.
> > -- Paul
> Thanks a lot. I've been actually waiting for a list comprehension.
In general, whenever you have:
    someNewList = []
    for smthg in someSequence:
        if condition(smthg):
            someNewList.append( elementDerivedFrom(smthg) )
replace it with:
    someNewList = [ elementDerivedFrom(smthg)
                      for smthg in someSequence
                        if condition(smthg) ]
-- Paul
Paul McGuire wrote:
> In general, whenever you have:
>     someNewList = []
>     for smthg in someSequence:
>         if condition(smthg):
>             someNewList.append( elementDerivedFrom(smthg) )
> replace it with:
>     someNewList = [ elementDerivedFrom(smthg)
>                       for smthg in someSequence
>                         if condition(smthg) ]
What is the gain? (Real question.)
I think the first is often easier to read.
Is the second more efficient?
Also, I think list comprehensions are often easier to read
as equivalent generator expressions:
    someNewList = list( elementDerivedFrom(smthg)
                          for smthg in someSequence
                            if condition(smthg) )
Tastes vary of course.
Cheers,
Alan Isaac
On Feb 29, 5:57 pm, Alan Isaac <ais...@american.edu> wrote:
> Paul McGuire wrote:
> > In general, whenever you have:
> >     someNewList = []
> >     for smthg in someSequence:
> >         if condition(smthg):
> >             someNewList.append( elementDerivedFrom(smthg) )
> > replace it with:
> >     someNewList = [ elementDerivedFrom(smthg)
> >                       for smthg in someSequence
> >                         if condition(smthg) ]
> What is the gain? (Real question.)
> I think the first is often easier to read.
> Is the second more efficient?
> Also, I think list comprehensions are often easier to read
> as equivalent generator expressions:
>     someNewList = list( elementDerivedFrom(smthg)
>                           for smthg in someSequence
>                             if condition(smthg) )
> Tastes vary of course.
> Cheers,
> Alan Isaac
I think there is a performance gain in list comps over explicit for
looping - I'm sure google will turn up some stats for this in this
newsgroup in the past.
As for list(<generator-expr>) over [<list-comprehension>], that's why
they make chocolate and vanilla. (I believe that at one time, Guido
was considering discarding list comps in Py3K, with this list
+generator expression alternative being the rationale for dropping
them, but later changed his mind.)
-- Paul