[Tutor] MySqldb problem
Chris Babcock
cbabcock at asciiking.com
Tue Jan 20 13:30:18 CET 2009
On 20 Jan 2009 11:10:14 -0000
"Manoj kumar" <manoj_kumar2512 at rediffmail.com> wrote:
> I am a newbie to Python programming. I just know the basics of the
> language. I came across MySQLdb. I was able to manipulate the database
> with MySQLdb, but I wasn't able to add files to the database through
> the MySQLdb lib.
Right. Whatever you want to do in the database, you'll have to have a
user defined in MySQL with the necessary permissions and have that user
configured in your program.

Details:
Generally, you want to follow the principle of least permissions for
security in your app. Almost all database apps need select privileges
for their database user. A good many need insert, update and/or delete
privileges. Dynamically generated tables aren't sound relational
design, so your tables should be created using an administrative user
for the database rather than giving the MySQL user defined for your app
unnecessary privileges. As long as you're in development and no
untrusted users have access to the app, do what you want. Before
setting it wild or running it as a server, whatever it does, replace the
user that you've defined as having "ALL" privilege on the database with
one that has only those privileges needed for what the app does.

Alternative:
Also, MySQLdb is the manual way to use a MySQL database. It's fine if
you want to generate query strings manually because you know what
you're doing and you're sure that your code will never be used with a
different database. The problem for a new user is that using MySQLdb
means learning Python and SQL at the same time to build your app. You
aren't learning Python because you're a mental masochist. You're
learning Python because it's an easy way to get programs working.

A more Pythonic way to work with databases would be to use an Object
Relational Mapper like SQLAlchemy. The simple explanation is that the
ORM lets you just work with objects in your app instead of generating
query strings. This approach also gets you a lot of other features for
free like independence from being database specific and protection from
SQL injection attacks.
Chris
--
Thank you everyone! USAK is live on its new connection.
So far you have given $198 towards next quarter.
To make a donation, use this link (opens on PayPal):
http://tinyurl.com/USAK2009
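
Added example (not part of the original post): one way to carry out the "replace the ALL user" step above is to derive the privileges the app's statements need and compare them with what SHOW GRANTS reports for its account. The database `appdb`, the account 'app'@'localhost', the `files` table and all sample lines are constructed for illustration; column-level grants are not handled.

```python
import re

# Privileges the app's own statements can justify; DDL belongs to an admin account.
DML = {"SELECT", "INSERT", "UPDATE", "DELETE"}
GRANT_RE = re.compile(r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s", re.I)

def needed_privileges(statements):
    """Derive the MySQL privileges required by the statements the app issues."""
    needed = set()
    for sql in statements:
        verb = sql.split(None, 1)[0].upper()
        if verb not in DML:
            raise ValueError(f"{verb} should be run by an administrative user")
        needed.add(verb)
        # MySQL also requires SELECT for columns that a WHERE clause reads.
        if verb in {"UPDATE", "DELETE"} and re.search(r"\bWHERE\b", sql, re.I):
            needed.add("SELECT")
    return needed

def excess_privileges(grant_lines, database, needed):
    """Return privileges granted on `database` (or globally) that the app never uses."""
    excess = set()
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        scope = m.group("scope").replace("`", "") if m else ""
        if scope != "*.*" and not scope.startswith(database + "."):
            continue  # not a GRANT line, or a grant on another database
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        privs.discard("USAGE")  # USAGE means "no privileges"
        excess |= privs - needed
    return excess

def minimal_grant(database, account, needed):
    """Build the GRANT statement an administrator would run for the app account."""
    return f"GRANT {', '.join(sorted(needed))} ON `{database}`.* TO {account}"

# Constructed samples: statements as passed to cursor.execute(), and SHOW GRANTS output.
APP_STATEMENTS = [
    "SELECT id, name FROM files WHERE owner = %s",
    "INSERT INTO files (name, data) VALUES (%s, %s)",
    "DELETE FROM files WHERE id = %s",
]
DEV_GRANTS = ["GRANT USAGE ON *.* TO 'app'@'localhost'",
              "GRANT ALL PRIVILEGES ON `appdb`.* TO 'app'@'localhost'"]

if __name__ == "__main__":
    needed = needed_privileges(APP_STATEMENTS)
    print(sorted(excess_privileges(DEV_GRANTS, "appdb", needed)))
    print(minimal_grant("appdb", "'app'@'localhost'", needed))
```

An empty result from excess_privileges() means the account holds nothing beyond what the listed statements use.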