On Wed, 25 Jul 2012 14:40:04 -0700 (PDT), fanchyna <fanchyna@gmail.com>
declaimed the following in gmane.comp.python.django.user:
>
> > import os
> > import runconfig #configuration file
> > os.environ['DJANGO_SETTINGS_MODULE'] = runconfig.django_settings_module
> > from django.db import connection,transaction
> > c = connection.cursor()
> > url =
> > "http://www.academicjournals.org/ijps/PDF/pdf2011/18mar/G%C3%B3mez-Berb%C3%ADs
> > et al.pdf"
> >
> > dbquery = "INSERT INTO main_crawl_document SET url="+url
> > c.execute(dbquery)
> > transaction.commit_unless_managed()
>
ONE: That is not a valid SQL statement for INSERT or UPDATE ...
INSERT INTO table (fieldlist) VALUES (valuelist)
UPDATE table SET field = value WHERE key=identifier
TWO: NEVER build up your query by hand, USE the DB-API parameter
system to safely quote parameters...
dbquery = "insert into main_crawl_document (url-or-whatever-field)
values (%s)"
c.execute(dbquery, url)
{note: MySQLdb uses %s for the placeholder, SQLite3 uses ? for
placeholder, other RDBMs could use other syntax -- removing these
concerns is one goal of using RDBM-agnostic ORM systems}
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment