TypeError: iterable argument required

eryksun () eryksun at gmail.com
Wed Apr 6 18:38:36 CEST 2011


On Wednesday, April 6, 2011 11:41:24 AM UTC-4, Νικόλαος Κούρας wrote:
> On 6 Apr, 16:54, "eryksun ()" <ery... at gmail.com> wrote:
> 
> > You can also use an empty string as the default value when getting the field value
> 
> Please provide me an example.

import cgi
form = cgi.FieldStorage()
# The second argument is the default returned when the "user" field is missing
user = form.getfirst("user", "")

Here's the relevant section of the cgi docs:

http://docs.python.org/library/cgi.html#higher-level-interface

But it depends on your setup. Are you using mod_wsgi, mod_python, etc.? Will you be using a framework such as Django or web2py?

> Can you please also provide an example of what happens if I use the
> special formatting identifier `%` instead of a comma?

All of the formatting for adding extra quotes and escaping special characters can be done with normal string formatting (which I neglected to do). But that's not counting the most important reason to let the database handle the operation: the potential for an attacker to inject SQL commands into form values (e.g., to drop all of your tables). So let the database handle formatting the strings and escaping any SQL statements contained therein.
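
The difference between the `%` form and the comma form, as an added example that is not part of the original post. It assumes the standard-library sqlite3 module so it runs offline, where the placeholder is `?` (drivers with the DB-API `format` paramstyle, such as MySQLdb, use `%s` there instead); the table, rows, form values and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table and rows, for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visitors (user TEXT, hits INTEGER)")
    db.executemany("INSERT INTO visitors VALUES (?, ?)",
                   [("alice", 3), ("bob", 7), ("O'Brien", 1)])
    return db

def lookup_formatted(db, user):
    # The "%" form: the value is pasted into the SQL text before the
    # database sees it, so a quote in the value becomes SQL syntax.
    query = "SELECT user, hits FROM visitors WHERE user = '%s'" % user
    return db.execute(query).fetchall()

def lookup_bound(db, user):
    # The "comma" form: SQL text and value are passed separately and
    # the driver binds the value as data, never as SQL.
    query = "SELECT user, hits FROM visitors WHERE user = ?"
    return db.execute(query, (user,)).fetchall()

def demo():
    db = make_db()
    hostile = "x' OR '1'='1"   # constructed form value
    surname = "O'Brien"        # legitimate value containing a quote
    results = {
        "formatted_hostile": lookup_formatted(db, hostile),
        "bound_hostile": lookup_bound(db, hostile),
        "bound_surname": lookup_bound(db, surname),
    }
    try:
        lookup_formatted(db, surname)
        results["formatted_surname"] = "ok"
    except sqlite3.OperationalError:
        # The stray quote ends the string literal early: syntax error.
        results["formatted_surname"] = "error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With `%`, the constructed value rewrites the WHERE clause and every row comes back, while an ordinary surname with an apostrophe breaks the statement; with binding, both are treated as plain strings.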


