[Tutor] Handling MySQLdb exceptions

Kent Johnson kent37 at tds.net
Wed Dec 19 20:39:06 CET 2007

Paul Schewietzek wrote:
> Just so you don't need to wonder: The .csv-file I give to the script for 
> testing is absolutely OK.

Except that it contains data that the insert statement doesn't 
like...does it contain any blank lines? Printing 'line' in the exception 
handler would be useful.

Also this code is vulnerable to SQL injection attacks, if you don't 
trust the source of the input file you should not use this. For example 
if the file contained a line like
titel, vorname, nachname, strasse, hausnummer, plz, ort, 
rufnummer,datum); delete from pool; --
that would be bad.

More information about the Tutor mailing list