Velocity Reviews - Computer Hardware Reviews

Why 'files.py' does not print the filenames into a table format?

Nick the Gr33k
06-16-2013
On 16/6/2013 1:51 πμ, Chris Angelico wrote:
> On Sun, Jun 16, 2013 at 6:29 AM, Benjamin Schollnick
> <(E-Mail Removed)> wrote:
>> cur.execute('''SELECT ID FROM counters WHERE url = %s''', page )
>> cur.execute('''INSERT INTO counters (url) VALUES (%s)''', page )
>>
>> Sure, whoever wrote that code is a fool.
>>
>> http://xkcd.com/327/
>>
>> They didn't sanitize your database inputs.
>
> I assume you're talking about the above two lines of code? They're not
> SQL injection targets. The clue is that the %s isn't in quotes. This
> is an out-of-band argument passing method (actually, since he's using
> MySQL (IIRC), it's probably just going to escape it and pass it on
> through, but it comes to the same thing), so it's safe.
>
> ChrisA
>

Here is how I think I have dealt with it:

=================
import os
# 'form' (a cgi.FieldStorage) and 'cur' (the MySQL cursor) are set up
# in the parts of the script elided below.

path = '/home/nikos/public_html/'
cgi_path = '/home/nikos/public_html/cgi-bin/'

file = form.getvalue('file') # this comes from .htaccess
page = form.getvalue('page') # this comes from index.html or metrites.py

if not page and os.path.exists( file ):
    # it is an html template
    page = file.replace( path, '' )

......
......

#find the needed counter for the page URL
if os.path.exists( path + page ) or os.path.exists( cgi_path + page ):
    # DB-API parameters are passed as a sequence, hence the one-element tuple
    cur.execute('''SELECT ID FROM counters WHERE url = %s''', (page,) )
    data = cur.fetchone() #URL is unique
==================

Do you think I'm safe now from those kinds of attacks?
Do you see some other, better way to write the above?
--
What is now proved was at first only imagined!
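The distinction Chris draws above, as an added example that is not code from the thread: the same counters lookup with the value spliced into the SQL text (a quoted %s) beside the out-of-band, parameterised form. It uses Python's standard sqlite3 module with an in-memory table standing in for the poster's MySQL database, so the placeholder is ? rather than %s; the table layout and the sample URLs are constructed.

```python
import sqlite3

# Constructed in-memory stand-in for the MySQL "counters" table in the post;
# sqlite3's placeholder is "?" where MySQLdb's is "%s", but the value is
# bound out-of-band in both cases.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE counters (ID INTEGER PRIMARY KEY, url TEXT UNIQUE, hits INTEGER DEFAULT 0)"
    )
    conn.executemany("INSERT INTO counters (url) VALUES (?)",
                     [("index.html",), ("about.html",)])
    conn.commit()
    return conn

def lookup_unsafe(conn, page):
    # The quoted-%s pattern xkcd 327 warns about: the value becomes part of
    # the SQL text, so a quote character in it changes the statement itself.
    sql = "SELECT ID FROM counters WHERE url = '%s'" % page
    try:
        return conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Report the failure class instead of raising, so both forms can be compared.
        return type(exc).__name__

def lookup_safe(conn, page):
    # Parameterised, as in the post: the placeholder is not quoted and the
    # value is passed as a one-element sequence, per DB-API 2.0.
    return conn.execute("SELECT ID FROM counters WHERE url = ?", (page,)).fetchone()

def demo():
    conn = make_db()
    # Constructed filename with an apostrophe, a perfectly legal URL component.
    odd = "O'Reilly.html"
    conn.execute("INSERT INTO counters (url) VALUES (?)", (odd,))
    return {
        "plain_safe": lookup_safe(conn, "index.html"),  # (1,)
        "odd_unsafe": lookup_unsafe(conn, odd),          # "OperationalError"
        "odd_safe": lookup_safe(conn, odd),              # (3,)
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The unsafe form breaks on an ordinary apostrophe because the quote ends the SQL string literal early; the parameterised form stores and finds the same value as plain data.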

Nick the Gr33k
06-16-2013
On 16/6/2013 4:10 πμ, Mark Lawrence wrote:
> I have no intention of kill-filing you, muting your threads or ignoring
> you. I do intend hounding you until with any luck you crawl off into a
> hole somewhere and leave this group in peace.


No such luck I'm afraid for you.
And it seems to me that you are the one that doesn't leave this group in
peace, not me.


PS to other members: Is there any way in Thunderbird that I can kill-file
Mark? I never had to use kill-filing before but I'll start now.

--
What is now proved was at first only imagined!

Steven D'Aprano
06-16-2013
Nikos,

Have you considered subscribing to this?

http://mail.python.org/mailman/listinfo/python-greece


Possibly some of these concepts will be easier for you to understand if
explained to you in your native language. Or you might be able to join a
local Users Group who can help you.



--
Steven

Denis McMahon
06-16-2013
On Sat, 15 Jun 2013 22:38:38 +0300, Nick the Gr33k wrote:

> PLEASE take a look, its not a huge code


First, you need to start writing your code to less than 80 columns if
you're going to keep posting it to usenet. I'm sure I'm not the only
person who can't be bothered to unwrap it.

Secondly, the code you posted only tells part of the story - it's
obviously missing either relevant imports or defined functions or
possibly both.

Third, it would help to see examples of (a) what you expect it to
generate, and (b) what it actually generates. You obviously have a web
server available to you - you could put both code (just append .txt to
the filename) and screenshots from your browser there with no difficulty
at all and just include links.

--
Denis McMahon, (E-Mail Removed)

Nick the Gr33k
06-16-2013
On 16/6/2013 8:06 πμ, Steven D'Aprano wrote:
> Nikos,
>
> Have you considered subscribing to this?
>
> http://mail.python.org/mailman/listinfo/python-greece
>
>
> Possibly some of these concepts will be easier for you to understand if
> explained to you in your native language. Or you might be able to join a
> local Users Group who can help you.


Thank you Steven, I don't want to enter there as mail but wish to find it
as a newsgroup, which I tried to subscribe to but TB couldn't find it.

Also I have no trouble understanding you guys in English or expressing myself
here. I like English.

And I'm under the impression that foreigners are more helpful than
Greeks. At least that's what experience has taught me in a local Linux
group for many years.

I prefer staying here but I can also subscribe there as well if you tell
me the group's name.

--
What is now proved was at first only imagined!

Nick the Gr33k
06-16-2013
On 16/6/2013 10:23 πμ, Denis McMahon wrote:
> On Sat, 15 Jun 2013 22:38:38 +0300, Nick the Gr33k wrote:
>
>> PLEASE take a look, its not a huge code
>
> First, you need to start writing your code to less than 80 columns if
> you're going to keep posting it to usenet. I'm sure I'm not the only
> person who can't be bothered to unwrap it.


TB behaves the same way for me. Any line > 80 chars gets a newline.
Why is this happening? Why not post up to 256 chars in a single line?

> Secondly, the code you posted only tells part of the story - it's
> obviously missing either relevant imports or defined functions or
> possibly both.
>
> Third, it would help to see examples of (a) what you expect it to
> generate, and (b) what it actually generates. You obviously have a web
> server available to you - you could put both code (just append .txt to
> the filename) and screenshots from your browser there with no difficulty
> at all and just include links.
>

Actually it was a short story since I have asked this already in 2
previous threads of mine, but here is the whole thing pasted in
pastebin. It's not so big and with your talent you could understand it
in approx. 5 mins.

http://pastebin.com/XgWKuXUC
--
What is now proved was at first only imagined!

Denis McMahon
06-16-2013
On Sun, 16 Jun 2013 11:35:12 +0300, Nick the Gr33k wrote:

> TB behaves for me the same way. Any line > 80 chars gets a newline. Why
> this is happening? Why not post up to 256 chars in a single line?


Because this is usenet. Read the RFCs if you must know!

--
Denis McMahon, (E-Mail Removed)

Steven D'Aprano
06-16-2013
On Sun, 16 Jun 2013 11:28:00 +0300, Nick the Gr33k wrote:

> On 16/6/2013 8:06 πμ, Steven D'Aprano wrote:
>> Nikos,
>>
>> Have you considered subscribing to this?
>>
>> http://mail.python.org/mailman/listinfo/python-greece


[...]
> I prefer staying here but i can also subscribe there as well if you teel
> me what the groups name.


Nikos, this is exactly the sort of thing that makes it painful to try to
help you. I've given you the URL. The name of the list is in the URL, and
even if it isn't, you can just click on it and see for yourself.

Let me repeat the URL in case you cannot see it above:

http://mail.python.org/mailman/listinfo/python-greece

I will not answer any more questions about the python-greece list,
because I do not know any more about it than what you can see by
following that list.



--
Steven

Ferrous Cranus
06-16-2013
On 16/6/2013 1:33 μμ, Steven D'Aprano wrote:
> On Sun, 16 Jun 2013 11:28:00 +0300, Nick the Gr33k wrote:
>
>> On 16/6/2013 8:06 πμ, Steven D'Aprano wrote:
>>> Nikos,
>>>
>>> Have you considered subscribing to this?
>>>
>>> http://mail.python.org/mailman/listinfo/python-greece
>
> [...]
>> I prefer staying here but i can also subscribe there as well if you teel
>> me what the groups name.
>
> Nikos, this is exactly the sort of thing that makes it painful to try to
> help you. I've given you the URL. The name of the list is in the URL, and
> even if it isn't, you can just click on it and see for yourself.
>
> Let me repeat the URL in case you cannot see it above:
>
> http://mail.python.org/mailman/listinfo/python-greece
>
> I will not answer any more questions about the python-greece list,
> because I do not know any more about it than what you can see by
> following that list.
>
>
>

I did Steven, that's why I asked in the 1st place

To post a message to all the list members, send email to
(E-Mail Removed).

this is not a valid newsgroup name.

--
What is now proved was at first only imagined!

Mark Lawrence
06-16-2013
On 16/06/2013 11:57, Ferrous Cranus wrote:
> i did Steven that why i asked in the 1st place
>
> To post a message to all the list members, send email to
> (E-Mail Removed).
>
> this is not a valid nrewgroup name/
>


Not valid in the same way that (E-Mail Removed) is not valid?

--
"Steve is going for the pink ball - and for those of you who are
watching in black and white, the pink is next to the green." Snooker
commentator 'Whispering' Ted Lowe.

Mark Lawrence