Thanks, I actually intend to, was just whipping something up to be an
example for my question.
--
Kevin Holleran
Master of Science, Computer Information Systems
Grand Valley State University
Master of Business Administration
Western Michigan University
GCFA, GCFE, CCNA, ISA, MCSA, MCDST, MCP
"Do today what others won't, do tomorrow what others can't" - SEALFit
"We are what we repeatedly do. Excellence, then, is not an act, but a
habit." - Aristotle
On Wed, May 8, 2013 at 3:07 PM, MRAB <pyt...@mrabarnett.plus.com> wrote:
> On 08/05/2013 19:52, Kevin Holleran wrote:
>
>> Hello,
>>
>> I want to connect to a MySQL database, query for some records,
>> manipulate some data, and then update the database.
>>
>> When I do something like this:
>>
>> db_c.execute("SELECT a, b FROM Users")
>>
>> for row in db_c.fetchall():
>>
>> (r,d) = row[0].split('|')
>>
>> (g,e) = domain.split('.')
>>
>> db_c.execute("UPDATE Users SET g = '"+ g + "' WHERE a ='"+
>> row[0])
>>
>>
>> Will using db_c to update the database mess up the loop that is cycling
>> through db_c.fetchall()?
>>
>> You shouldn't be building an SQL string like that because it's
> susceptible to SQL injection. You should be doing it more like this:
>
> db_c.execute("UPDATE Users SET g = %s WHERE a = %s", (g, row[0]))
>
> The values will then be handled safely for you.
> --
> http://mail.python.org/**mailman/listinfo/python-list<http://mail.python.org/mailman/listinfo/python-list>
>
--
http://mail.python.org/mailman/listinfo/python-list
