how to replace and string in a "SELECT ... IN ()"

Michael Mabin d3vvnull at
Sun Sep 28 21:16:29 CEST 2008

Tino, dude, I'm afraid I lied about my previous post being the last word.
 There are some things you said here that must be addressed.

On Sun, Sep 28, 2008 at 6:00 AM, Tino Wildenhain <tino at> wrote:

> Michael Mabin wrote:
>> I'm exhausted, so I'll just shut up about this after a few final words.
> Thank you for your time :-)
>> 1.  "edits" is used in data warehousing to describe data scrubbing or
>> filtering of fields in records that are used as input sources for loading
>> into data warehouses. It's a term that goes way back to batch processing on
>> the mainframe, so it's been used this way for a long time. Sometimes we use
>> 'validation' interchangeably with 'edit' but our use of validation usually
>> involves a check of input data against business rules and not type or range
>> checking which we consider 'edits'.  So maybe you're not used to hearing the
>> term used this way, but it is a variation perhaps of what you're used to.
> And so on and so on in the regular top posting manner

I thought I was clearing up your statement that "there is no such thing as
edits" and then you went on  about not knowing what I meant by "edits" .
 Why do you dismiss my effort to clarify a point you were clearly wrong

> Just to give you some thoughts again: your solution might be valid for
> you in your controlled environment. Yet you just presented it to the
> OP without telling him the limits of when this can be used. And this
> is outright dangerous. If one sees this without comment and without your
> background she will run into problems sooner or later. So my suggestion
> was to either don't tell people such solutions at all or tell them
> exactly under which circumstances they might be used.

Outright dangerous?  Again, you're assuming the OP's problem involved user
input from a web-page.  I was addressing the stated requirement of the
problem.  You can't automatically assume that this problem is related to
input from a web-page.  Why should I code in a manner that I will never
encounter?  Maybe instead of suggesting that my recommendation is outright
dangerous, you yourself might suggest the caveats.  Again, most of my
experiences lie within the batch environment, but I shouldn't have to
qualify my suggestions with 'this is what we do in the batch environment'.
 On a mailing list, people are free to point out the limits of my
recommendation, but that doesn't necessarily disqualify my recommendation.

> Still I think nailing the problem at the apropriate place is a habit
> which should generally devloped - as in your example an additional
> int() would have fixed it - but still it would not work if you
> want to deal with arbitrary strings. So its good to make suggestions
> but pretty please think ahead how someone would use it instead of
> investing all your energy into defending dangerous programming practice.

Again, danger is in the eye of the beholder and the hands of the user and
determined mostly by the circumstances.  A code generator written in Python
is going to be subject to all kinds of programming considerations that are
different from those in web applications.

> With "we in python" I referred to a fairly amount of literature about
> programming in python and it design patterns. Nothing me personally.

I wasn't aware that we are what has been written or what we have read.  I
thought we refers to people.  Though this sounds a lot like religion. And
maybe I am guilty of heresy.

> Ah and some final words to the controlleness of datawarehouse
> applications and similar things: by the time you are designing such
> a solutuion you will never know what future applications will be
> developed around it so its always best to be prepared.

Huh? What are you talking about?

> "Data scrubbing" seems a common idea but in fact its very hard to do
> it right due to the nature of different systems using different
> quoting logic. "Dont trust your input" is a habit not only applicable
> to web programming - in fact the company I work for does not do much
> web application but input validation is something we get even audited
> for.

"We" are always mindful of the problems "data scrubbing" entails.

Data scrubbing depends on the requirements, like everything else.  And of
course, it goes without saying that you should not trust your input, that
you should check and validate where appropriate.

> Nevertheless I wish you a very good weekend :-)
> Tino

| _ | * | _ |
| _ | _ | * |
| *  | * | * |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Python-list mailing list