python - Cannot remove SQLite row using 'where' and variable -

-

got problem, appreciate on it.

i want remove row, transferred func variable. that's code:

con = sql.connect('db.sqlite') cur = con.cursor() query = 'delete media_tmp media_id="%s"' % media_id.strip() print(query) cur.execute(query) if con:     con.close()

print(query) gives me following:

delete media_tmp media_id="737589711821419460_184456611"

and when execute directly in sqlite, works , removes deserved row. executed cur.execute(query) doesn't work @ all.

the func finishes good, got no errors.

you forgetting commit change:

con.commit()

the sqlite3 command line tool auto-commits changes, sqlite3 library not.

you should use sql parameters instead of string interpolation:

query = 'delete media_tmp media_id=?' cur.execute(query, (media_id.strip(),))

quoting sqlite3 documentation:

usually sql operations need use values python variables. shouldn’t assemble query using python’s string operations because doing insecure; makes program vulnerable sql injection attack (see http://xkcd.com/327/ humorous example of can go wrong).

instead, use db-api’s parameter substitution. put ? placeholder wherever want use value, , provide tuple of values second argument cursor’s execute() method. (other database modules may use different placeholder, such %s or :1.)


Comments

Post a Comment

Popular posts from this blog

database - VFP Grid + SQL server 2008 - grid not showing correctly -

-
i having problem, have grid called "gridbasica" , this: thisform.gridbase.recordsource = "sgviemp" sgviemp cursor made executing select sqlserver command sqlexec. when want modify registry, go form , the update there. so, when come form grid, grid isnt grid anymore, big white rectangle. reading around said: delete recordsource , asingt again. thisform.gridbase.recordsource = "" *--i sqlexe here thisform.gridbase.recordsource = "sgviemp" i , works, but, when click button modify again cursos updated modify form doesnt load fields did first time. could me out that? thanks in advance. --------------- edit ------------------ i have been doing recommended: lnselect = select(0) n = sqlexec(thisform.conexion,"select emp_ccodigo codigo, emp_cnombre 'nombre o razon social', emp_cnumrif 'r.i.f' sgviempr","sgviemp1") set echo on suspend select sgviemp zap in sgviemp *-- browse *--zaps correct
Read more

jquery - Set jPicker field to empty value -

-
im using jpicker color selector in form. have clear value set window/icon 'no color selected' state. i've tried following: $(':input[name="color"]').val(''); //access value directly. (does not affect jpicker) 2: $.jpicker.list[0].color.active.val('hex', '', this); //set color black , input value 000000, instead of empty string 3: $.jpicker.list[0].color.active.val(null, '', this); //does nothing none of 3 methods seems behave properly. in advance. this works me :) $.jpicker.list[0].color.active.val('v', null); here example: http://jsfiddle.net/3up7n/
Read more

.htaccess - htaccess convert request to clean url and add slash at the end of the url -

-
ok , searched more 4 days , more 20 posts here in stach or in websites without kind of success first here htaccess file rewriteengine on rewriterule ^([a-za-z0-9_]+)/?$ index.php?page=$1 [nc] rewriterule ^([a-za-z0-9_]+)\/([a-za-z0-9_]+)\/?$ index.php?page=$1&action=$2 [nc] i tried many codes 1 worked me can call request , works me www.example.com/pagename => www.example.com/index.php?page=pagename here questions , please provide me information "in detail" understand code well 1- how convert request automatically www.example.com/index.php?page=pagename www.example.com/pagename 2- if tried add slash @ end shows me page without images or styling mean www.example.com/pagename => works www.example.com/pagename/ => doesn't work that's :) for first part need 301 rule this: rewritecond %{the_request} /index\.php\?page=([^\s&]+) [nc] rewriterule ^ /%1? [r=301,l] for second part use absolute path in css, js, images files r
Read more