[Tutor] Fwd: do you know how to do this
alan.gauld at btinternet.com
Thu Oct 12 14:36:14 CEST 2006
Forwarding to the group...
--- anil maran <anilmrn at yahoo.com> wrote:
> Date: Thu, 12 Oct 2006 01:46:44 -0700 (PDT)
> From: anil maran <anilmrn at yahoo.com>
> Subject: do you know how to do this
> To: Alan Gauld <alan.gauld at btinternet.com>
> The user, password and group are stored in a session on disk
> flup.middleware.session. You can change this to fit your needs
> like in
> a database. I think someone have already extended the flup
> session with
> a database store?
> Use the decorator function on your GET and POST method to set
> authentication and provide which group are allowed.
> If auth is set to True and user/password/access did not match,
> redirect is made to /login.
> ----- Original Message ----
> From: Alan Gauld <alan.gauld at btinternet.com>
> To: tutor at python.org
> Sent: Thursday, October 12, 2006 12:31:04 AM
> Subject: Re: [Tutor] SQL Queries For MySQL
> > query = "SELECT * FROM DB WHERE NAME = %s" % (name)
> > cursor.execute(query)
> There can be security issues with this style, especially
> if the parameters can be modified by users - for example
> you read the values from a web page.
> The cursor.execute() call has the ability to pass the
> in directly, ie combining the two statements above into one.
> The details of how ypou do that varies between database
> drivers so you need to check the documents but I think for
> MySQL its almost an exact translation:
> query = "SELECT * FROM DB WHERE NAME = %s"
> cursor.execute(query, name)
> If you search the ist archives you'll find a fairly long
> describing the whys/wherefores in much more depth.
> Alan Gauld
> Author of the Learn to Program web site
> Tutor maillist - Tutor at python.org
Send instant messages to your online friends http://uk.messenger.yahoo.com
More information about the Tutor