On Fri, 11 Mar 2005 00:15:48 +0000, Matt Goodall
On Thu, 2005-03-10 at 17:59 -0600, Luis N wrote:

This is bad. You should not use Python's string formatting to build queries - pass the query args as a tuple and let the database module prepare the query:

    return dbpool.runQuery(
        "SELECT english FROM lang WHERE spanish LIKE %s", (data,))

In particular, this lets the database module correctly quote ''data'' and protects you from SQL insertion problems.
- Matt
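
The difference described in the reply above, as an added example that is not part of the original thread: it uses the standard-library sqlite3 module (an assumption, chosen so it runs offline; its placeholder is `?` where the thread's driver uses `%s`) with constructed rows and inputs. It also shows that binding does not neutralise the LIKE wildcards `%` and `_`, which have to be escaped when a literal match is wanted.

```python
import sqlite3

# Constructed rows standing in for the thread's `lang` table.
ROWS = [("hola", "hello"), ("gato", "cat"), ("perro", "dog")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lang (spanish TEXT, english TEXT)")
    conn.executemany("INSERT INTO lang VALUES (?, ?)", ROWS)
    return conn

def lookup_formatted(conn, data):
    # Pattern the reply warns against: the value is pasted into the SQL text.
    sql = "SELECT english FROM lang WHERE spanish LIKE '%s'" % data
    return sorted(r[0] for r in conn.execute(sql))

def lookup_bound(conn, data):
    # Value is passed separately; the driver binds it as data, not as SQL.
    sql = "SELECT english FROM lang WHERE spanish LIKE ?"
    return sorted(r[0] for r in conn.execute(sql, (data,)))

def escape_like(value, esc="\\"):
    # Binding does not neutralise LIKE wildcards; escape them for literal matches.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def lookup_literal(conn, data):
    sql = "SELECT english FROM lang WHERE spanish LIKE ? ESCAPE '\\'"
    return sorted(r[0] for r in conn.execute(sql, (escape_like(data),)))

def formatted_breaks_on_quote(conn, data):
    # An ordinary apostrophe is enough to make the formatted query invalid SQL.
    try:
        lookup_formatted(conn, data)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    for value in ("gato", "o'clock", "x' OR '1'='1", "%"):  # constructed inputs
        print(repr(value), "bound:", lookup_bound(db, value),
              "literal:", lookup_literal(db, value))
```
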
Thank you. Now that I know how to use nevow and adbapi, I'm confused by xmlrpc and adbapi.

    class Educators(xmlrpc.XMLRPC):
        def xmlrpc_authEducator(self, educator, identify):
            self.educator = educator
            self.identify = identify
            if authenticate(self.educator).addCallback(authResult) == self.identify:
                return 1
            else:
                return 0

    def authenticate(educator):
        return dbpool.runQuery("SELECT password FROM educatorgroup WHERE educator LIKE %s", (educator,))

    def authResult(db):
        if db:
            return db[0][0]
        else:
            return 0

xmlrpc_authEducator always returns 0, but if I change authResult to print I know that the result is correct.