Why Is Escaping Data Considered So Magical?
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Sat Jun 26 22:31:59 EDT 2010
In message <mailman.2126.1277534032.32709.python-list at python.org>, Ian Kelly
wrote:
> Your example from the first post of the thread rewritten using sqlalchemy:
>
> conn.execute(
> items.update()
> .where(items.c.inventory_nr == modify_id)
> .values(
> dict(
> (field[0], Params.getvalue("%s[%s]" % (field[1],
> urllib.quote(modify_id))))
> for field in [
> (items.c.class_name, "modify_class"),
> (items.c.make, "modify_make"),
> (items.c.model, "modify_model"),
> (items.c.details, "modify_details"),
> (items.c.serial_nr, "modify_serial"),
> (items.c.inventory_nr, "modify_invent"),
> (items.c.when_purchased, "modify_when_purchased"),
> ... you get the idea ...
> (items.c.location_name, "modify_location"),
> (items.c.comment, "modify_comment"),
> ]
> )
> )
> .values(last_modified = time.time())
> )
>
> Doesn't seem any less flexible to me, plus you don't have to worry
> about calling your SQLString function at all.
Except I only needed two calls to SQLString, while you need two dozen
instances of that repetitive items.c boilerplate.
As a human, being repetitive is not my job. That’s what the computer is for.
More information about the Python-list
mailing list