I don't get why it makes trouble


azrael

j
[u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
Traceback (most recent call last):
File "<string>", line 1, in <string>
TypeError: not enough arguments for format string


I want to format the string. The list has five elements and the string
has five placeholders, but it won't format the string.
 

Jan Kaliszewski

13-08-2009 azrael said:
j [u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
len(j) 5
h = """SELECT distinct u.id_ulica, o.id_opcina, z.id_zupanija,
d.id_drzava, v.id_valuta FROM ulica as u, opcina as o, zupanija as
z, drzava as d, valuta as v WHERE u.naziv = '%s' AND o.naziv = '%s'
AND z.naziv = '%s' AND d.naziv = '%s' AND v.naziv = '%s'""" % (j)
Traceback (most recent call last):
File "<string>", line 1, in <string>
TypeError: not enough arguments for format string


I want to format the string. The list has five elements and the string
has five placeholders, but it won't format the string.

j must be a tuple -- so either define it as

(u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna')

or when using it, wrap it with tuple() constructor:

h = """...........""" % tuple(j)
 

Jan Kaliszewski

Me said:
13-08-2009 azrael said:
[u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
len(j) 5
h = """SELECT distinct u.id_ulica, o.id_opcina, z.id_zupanija,
d.id_drzava, v.id_valuta FROM ulica as u, opcina as o, zupanija as
z, drzava as d, valuta as v WHERE u.naziv = '%s' AND o.naziv =
'%s' AND z.naziv = '%s' AND d.naziv = '%s' AND v.naziv = '%s'""" %
(j)
Traceback (most recent call last):
File "<string>", line 1, in <string>
TypeError: not enough arguments for format string


I want to format the string. The list has five elements and the string
has five placeholders, but it won't format the string.

j must be a tuple -- so either define it as
[snip]

PS. If you use Python 2.6 or newer, better use .format() method
(then you can use also a list):
.... d.id_drzava, v.id_valuta FROM ulica as u, opcina as o, zupanija as \
.... z, drzava as d, valuta as v WHERE u.naziv = '{0}' AND o.naziv = \
.... '{1}' AND z.naziv = '{2}' AND d.naziv = '{3}' AND v.naziv = '{4}'\
.... """.format(*j)


Cheers,
*j
 

azrael

Me said:
j
[u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
len(j)
5
h = """SELECT distinct u.id_ulica, o.id_opcina, z.id_zupanija,  
d.id_drzava, v.id_valuta FROM   ulica as u, opcina as o, zupanija as  
z, drzava as d, valuta as v  WHERE  u.naziv = '%s' AND o.naziv =  
'%s' AND z.naziv = '%s' AND d.naziv = '%s' AND v.naziv = '%s'""" %  
(j)
Traceback (most recent call last):
  File "<string>", line 1, in <string>
TypeError: not enough arguments for format string
I want to format the string. The list has five elements and the string
has five placeholders, but it won't format the string.
j must be a tuple -- so either define it as

[snip]

PS. If you use Python 2.6 or newer, better use .format() method
(then you can use also a list):

... d.id_drzava, v.id_valuta FROM   ulica as u, opcina as o, zupanija as \
... z, drzava as d, valuta as v  WHERE  u.naziv = '{0}' AND o.naziv = \
... '{1}' AND z.naziv = '{2}' AND d.naziv = '{3}' AND v.naziv = '{4}'\
... """.format(*j)

Cheers,
*j

Thanks. Worked fine for me. I was a freakin idiot. I forgot about using
a tuple. Damn lists :D

Thanks for the debugging of my thoughts and actions.

thnx
 

Philip Semanchuk

j [u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
len(j) 5
h = """SELECT distinct u.id_ulica, o.id_opcina, z.id_zupanija,
d.id_drzava, v.id_valuta FROM ulica as u, opcina as o, zupanija
as z, drzava as d, valuta as v WHERE u.naziv = '%s' AND o.naziv
= '%s' AND z.naziv = '%s' AND d.naziv = '%s' AND v.naziv =
'%s'""" % (j)
Traceback (most recent call last):
File "<string>", line 1, in <string>
TypeError: not enough arguments for format string

Hi azrael,
You already have an answer to your question so I won't address that. I
want to point out that this is a dangerous way to build SQL statements.

For instance, what happens if someone enters a city name of L'viv?
Your SQL will break due to mismatched single quotes. This kind of code
is vulnerable to SQL injection attacks:
http://en.wikipedia.org/wiki/SQL_injection

Parameterized SQL is safer. Googling for 'parameterized SQL Python'
should find some examples for you.

Good luck
Philip
 

azrael

[u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
len(j) 5
h = """SELECT distinct u.id_ulica, o.id_opcina, z.id_zupanija,  
d.id_drzava, v.id_valuta FROM   ulica as u, opcina as o, zupanija  
as z, drzava as d, valuta as v  WHERE  u.naziv = '%s' AND o.naziv  
= '%s' AND z.naziv = '%s' AND d.naziv = '%s' AND v.naziv =  
'%s'""" % (j)
Traceback (most recent call last):
 File "<string>", line 1, in <string>
TypeError: not enough arguments for format string

Hi azrael,
You already have an answer to your question so I won't address that. I  
want to point out that this is a dangerous way to build SQL statements.

For instance, what happens if someone enters a city name of L'viv?  
Your SQL will break due to mismatched single quotes. This kind of code  
is vulnerable to SQL injection attacks: http://en.wikipedia.org/wiki/SQL_injection

Parameterized SQL is safer. Googling for 'parameterized SQL Python'  
should find some examples for you.

Good luck
Philip

I know already. This is supposed to be a small office application
connecting on a LAN MySQL server with no web connection. Thank you
anyway.
 

Philip Semanchuk

j
[u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
len(j)
5
h = """SELECT distinct u.id_ulica, o.id_opcina, z.id_zupanija,
d.id_drzava, v.id_valuta FROM ulica as u, opcina as o, zupanija
as z, drzava as d, valuta as v WHERE u.naziv = '%s' AND o.naziv
= '%s' AND z.naziv = '%s' AND d.naziv = '%s' AND v.naziv =
'%s'""" % (j)
Traceback (most recent call last):
File "<string>", line 1, in <string>
TypeError: not enough arguments for format string

Hi azrael,
You already have an answer to your question so I won't address
that. I
want to point out that this is a dangerous way to build SQL
statements.

For instance, what happens if someone enters a city name of L'viv?
Your SQL will break due to mismatched single quotes. This kind of
code
is vulnerable to SQL injection attacks: http://en.wikipedia.org/wiki/SQL_injection

Parameterized SQL is safer. Googling for 'parameterized SQL Python'
should find some examples for you.

Good luck
Philip

I know already. This is supposed to be a small office application
connecting on a LAN MySQL server with no web connection. Thank you
anyway.

You're welcome. I'm glad you are aware. You're ahead of a lot of
developers out there.

I encourage you to at least think about using parameterized SQL anyway
because you never know when someone (maybe even you!) will copy &
paste your code, or use your library without realizing that it was
"internal use only". It's usually just as easy as building SQL strings
anyway.

And besides, what about L'viv? =)

Good luck with whatever choice you make
Philip
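
Added example (not part of the original posts): the L'viv case from the reply above, run against an in-memory sqlite3 table that stands in for the thread's MySQL server. The single-table query, sample rows and function names are constructed for illustration; with a MySQL driver such as MySQLdb the placeholder is written %s and the values are still passed as the second argument to execute().

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the thread's query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ulica (id_ulica INTEGER PRIMARY KEY, naziv TEXT)")
    conn.executemany("INSERT INTO ulica (naziv) VALUES (?)",
                     [("Tata",), ("L'viv",), ("Oriovac",)])
    return conn

def find_formatted(conn, name):
    # The thread's approach: the value becomes part of the SQL text itself.
    sql = "SELECT id_ulica FROM ulica WHERE naziv = '%s'" % (name,)
    return sorted(row[0] for row in conn.execute(sql))

def find_parameterized(conn, name):
    # The value is bound separately, so a quote in it is data, not syntax.
    # A list works here as well as a tuple.
    sql = "SELECT id_ulica FROM ulica WHERE naziv = ?"
    return sorted(row[0] for row in conn.execute(sql, [name]))

def compare(name):
    # Returns (result of the formatted query, result of the bound query).
    conn = make_db()
    try:
        formatted = find_formatted(conn, name)
    except sqlite3.Error as exc:
        formatted = "error: %s" % type(exc).__name__
    return formatted, find_parameterized(conn, name)

if __name__ == "__main__":
    # Constructed inputs: a plain name, the L'viv case, and a value whose
    # quote changes the WHERE clause when it is pasted into the SQL text.
    for value in ["Tata", "L'viv", "x' OR '1'='1"]:
        print(repr(value), compare(value))
```

The formatted query fails on L'viv and matches every row for the third input, while the bound query finds L'viv and returns nothing for a name that is not in the table.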
 

azrael

On Aug 13, 2009, at 2:56 PM, azrael wrote:
j
[u'Tata', u'Oriovac', u'PrimorskoGoranska', u'hrvatska', u'Kuna']
len(j)
5
h = """SELECT distinct u.id_ulica, o.id_opcina, z.id_zupanija,
d.id_drzava, v.id_valuta FROM   ulica as u, opcina as o, zupanija
as z, drzava as d, valuta as v  WHERE  u.naziv = '%s' AND o.naziv
= '%s' AND z.naziv = '%s' AND d.naziv = '%s' AND v.naziv =
'%s'""" % (j)
Traceback (most recent call last):
 File "<string>", line 1, in <string>
TypeError: not enough arguments for format string
Hi azrael,
You already have an answer to your question so I won't address  
that. I
want to point out that this is a dangerous way to build SQL  
statements.
For instance, what happens if someone enters a city name of L'viv?
Your SQL will break due to mismatched single quotes. This kind of  
code
is vulnerable to SQL injection attacks: http://en.wikipedia.org/wiki/SQL_injection
Parameterized SQL is safer. Googling for 'parameterized SQL Python'
should find some examples for you.
Good luck
Philip
I know already. This is supposed to be a small office application
connecting on a LAN MySQL server with no web connection. Thank you
anyway.

You're welcome. I'm glad you are aware. You're ahead of a lot of  
developers out there.

I encourage you to at least think about using parameterized SQL anyway  
because you never know when someone (maybe even you!) will copy &  
paste your code, or use your library without realizing that it was  
"internal use only". It's usually just as easy as building SQL strings  
anyway.

And besides, what about L'viv? =)

Good luck with whatever choice you make
Philip

Currently I am working on just a prototype to show what is possible to
be done to get me some funding for my future work. After that I will
get over to SQLAlchemy. Its ORM will take over this business for
me.

A lot of people are not aware of SQL injection. My friend from college
asked me and a couple of other guys for pen testing of a website. His
SQL injection mistake made him an epic fail.

Thanks
 

Terry Reedy

azrael said:
Thanks. Worked fine for me. I was a freakin idiot. I forgot about using
a tuple. Damn lists :D

The special casing of tuples versus other sequence objects with %
formatting, and the forgetting and mistake making of multiple people is
one of the reasons for the new .format system. Any sequence can either
be passed and printed as a single object or *unrolled as multiple objects.

tjr
 
