more pythonic

Temoto

Hello.

There is a Django application, I need to place all its data into
Access mdb file and send it to user.
It seems to me that params filling for statement could be expressed in
a more beautiful way.
Since I'm very new to Python, I don't feel that, though.

Could you tell your opinion on that snippet?

<code>
    sql = """insert into salesmanager
        (employeeid, name, officelocation, departmentname, salary)
        values (?, ?, ?, ?, ?);"""
    params = []
    for manager in Manager.objects.all():
        params.append( (manager.id, manager.name, manager.office,
                        manager.department, manager.salary) )
    curs.executemany(sql, params)
</code>
 
7stud

> Hello.
>
> There is a Django application, I need to place all its data into
> Access mdb file and send it to user.
> It seems to me that params filling for statement could be expressed in
> a more beautiful way.
> Since I'm very new to Python, I don't feel that, though.
>
> Could you tell your opinion on that snippet?
>
> <code>
>     sql = """insert into salesmanager
>         (employeeid, name, officelocation, departmentname, salary)
>         values (?, ?, ?, ?, ?);"""
>     params = []
>     for manager in Manager.objects.all():
>         params.append( (manager.id, manager.name, manager.office,
>                         manager.department, manager.salary) )
>     curs.executemany(sql, params)
> </code>

It's my understanding that the way you insert arguments into queries
has to be done in a db specific way. If done in that way, your
queries will be protected against sql injection attacks, AND the query
strings will be constructed in a more efficient manner.
 
7stud

> It's my understanding that the way you insert arguments into queries
> has to be done in a db specific way.

Rather:

It's my understanding that the way you insert arguments into queries
*should* be done in a db specific way.  
 
Paul McGuire

> Hello.
>
> There is a Django application, I need to place all its data into
> Access mdb file and send it to user.
> It seems to me that params filling for statement could be expressed in
> a more beautiful way.
> Since I'm very new to Python, I don't feel that, though.
>
> Could you tell your opinion on that snippet?
>
> <code>
>     sql = """insert into salesmanager
>         (employeeid, name, officelocation, departmentname, salary)
>         values (?, ?, ?, ?, ?);"""
>     params = []
>     for manager in Manager.objects.all():
>         params.append( (manager.id, manager.name, manager.office,
>                         manager.department, manager.salary) )
>     curs.executemany(sql, params)
> </code>

Replace:

    params = []
    for manager in Manager.objects.all():
        params.append( (manager.id, manager.name,
                        manager.office, manager.department,
                        manager.salary) )

With this list comprehension:

    params = [ (mgr.id, mgr.name, mgr.office,
                mgr.department, mgr.salary)
               for mgr in Manager.objects.all() ]

But the technique you are using, of creating a params list instead of
doing explicit string construction, IS the safe SQL-injection-resistant
way to do this.

-- Paul
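
The contrast described in the reply above, as an added example that is not part of the original thread: the same `?`-placeholder insert fed by a list comprehension, next to a string-built version of the statement. It assumes Python's built-in `sqlite3` (also a `?`/qmark driver) in place of the Access connection, a namedtuple in place of the Django `Manager` model, and constructed sample rows.

```python
import sqlite3
from collections import namedtuple

# Stand-in for the Django Manager model; all rows are constructed sample data.
Manager = namedtuple("Manager", "id name office department salary")
MANAGERS = [
    Manager(1, "Ann Lee", "Berlin", "Sales", 5200),
    Manager(2, "Pat O'Brien", "Dublin", "Sales", 4800),       # plain apostrophe
    Manager(3, "Eve', 'HQ', 'Board', 99), (4, 'ghost", "Oslo", "Ops", 4100),
]
SCHEMA = """create table salesmanager (employeeid integer, name text,
    officelocation text, departmentname text, salary integer)"""
SQL = """insert into salesmanager
    (employeeid, name, officelocation, departmentname, salary)
    values (?, ?, ?, ?, ?);"""
QUERY = "select employeeid, name, salary from salesmanager order by employeeid"


def load_parameterized(managers):
    """The thread's approach: values travel as bound parameters, not SQL text."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    params = [(m.id, m.name, m.office, m.department, m.salary) for m in managers]
    conn.executemany(SQL, params)
    return conn.execute(QUERY).fetchall()


def load_string_built(managers):
    """Unsafe contrast: each value is pasted into the statement text."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rejected = []
    for m in managers:
        stmt = ("insert into salesmanager values (%d, '%s', '%s', '%s', %d)"
                % (m.id, m.name, m.office, m.department, m.salary))
        try:
            conn.execute(stmt)
        except sqlite3.Error:
            rejected.append(m.id)        # quoting broke the statement
    return conn.execute(QUERY).fetchall(), rejected


if __name__ == "__main__":
    print(sqlite3.paramstyle)            # 'qmark', the same ? style as above
    print(load_parameterized(MANAGERS))
    print(load_string_built(MANAGERS))
```

The parameterized load stores all three names verbatim. The string-built load rejects record 2 and turns record 3 into two rows whose name and salary differ from the source data.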
 
Temoto

> > There is a Django application, I need to place all its data into
> > Access mdb file and send it to user.
> > It seems to me that params filling for statement could be expressed in
> > a more beautiful way.
> > Since I'm very new to Python, I don't feel that, though.
> > Could you tell your opinion on that snippet?
> > <code>
> >     sql = """insert into salesmanager
> >         (employeeid, name, officelocation, departmentname, salary)
> >         values (?, ?, ?, ?, ?);"""
> >     params = []
> >     for manager in Manager.objects.all():
> >         params.append( (manager.id, manager.name, manager.office,
> >                         manager.department, manager.salary) )
> >     curs.executemany(sql, params)
> > </code>
>
> Replace:
>
>     params = []
>     for manager in Manager.objects.all():
>         params.append( (manager.id, manager.name,
>                         manager.office, manager.department,
>                         manager.salary) )
>
> With this list comprehension:
>
>     params = [ (mgr.id, mgr.name, mgr.office,
>                 mgr.department, mgr.salary)
>                for mgr in Manager.objects.all() ]
>
> But the technique you are using, of creating a params list instead of
> doing explicit string construction, IS the safe SQL-injection-resistant
> way to do this.
>
> -- Paul

Thanks a lot. I've been actually waiting for a list comprehension.
 
Paul McGuire

> > > Hello.
> > > There is a Django application, I need to place all its data into
> > > Access mdb file and send it to user.
> > > It seems to me that params filling for statement could be expressed in
> > > a more beautiful way.
> > > Since I'm very new to Python, I don't feel that, though.
> > > Could you tell your opinion on that snippet?
> > > <code>
> > >     sql = """insert into salesmanager
> > >         (employeeid, name, officelocation, departmentname, salary)
> > >         values (?, ?, ?, ?, ?);"""
> > >     params = []
> > >     for manager in Manager.objects.all():
> > >         params.append( (manager.id, manager.name, manager.office,
> > >                         manager.department, manager.salary) )
> > >     curs.executemany(sql, params)
> > > </code>
> >
> > Replace:
> >     params = []
> >     for manager in Manager.objects.all():
> >         params.append( (manager.id, manager.name,
> >                         manager.office, manager.department,
> >                         manager.salary) )
> > With this list comprehension:
> >     params = [ (mgr.id, mgr.name, mgr.office,
> >                 mgr.department, mgr.salary)
> >                for mgr in Manager.objects.all() ]
> > But the technique you are using, of creating a params list instead of
> > doing explicit string construction, IS the safe SQL-injection-resistant
> > way to do this.
>
> Thanks a lot. I've been actually waiting for a list comprehension.

In general, whenever you have:

    someNewList = []
    for smthg in someSequence:
        if condition(smthg):
            someNewList.append( elementDerivedFrom(smthg) )

replace it with:

    someNewList = [ elementDerivedFrom(smthg)
                    for smthg in someSequence
                    if condition(smthg) ]

-- Paul
 
Alan Isaac

Paul said:
> In general, whenever you have:
>
>     someNewList = []
>     for smthg in someSequence:
>         if condition(smthg):
>             someNewList.append( elementDerivedFrom(smthg) )
>
> replace it with:
>
>     someNewList = [ elementDerivedFrom(smthg)
>                     for smthg in someSequence
>                     if condition(smthg) ]

What is the gain? (Real question.)
I think the first is often easier to read.
Is the second more efficient?

Also, I think list comprehensions are often easier to read
as equivalent generator expressions:

    someNewList = list( elementDerivedFrom(smthg)
                        for smthg in someSequence
                        if condition(smthg) )

Tastes vary of course.

Cheers,
Alan Isaac
 
Paul McGuire

> Paul said:
> > In general, whenever you have:
> >
> >     someNewList = []
> >     for smthg in someSequence:
> >         if condition(smthg):
> >             someNewList.append( elementDerivedFrom(smthg) )
> >
> > replace it with:
> >
> >     someNewList = [ elementDerivedFrom(smthg)
> >                     for smthg in someSequence
> >                     if condition(smthg) ]
>
> What is the gain? (Real question.)
> I think the first is often easier to read.
> Is the second more efficient?
>
> Also, I think list comprehensions are often easier to read
> as equivalent generator expressions:
>
>     someNewList = list( elementDerivedFrom(smthg)
>                         for smthg in someSequence
>                         if condition(smthg) )
>
> Tastes vary of course.
>
> Cheers,
> Alan Isaac

I think there is a performance gain in list comps over explicit for
looping - I'm sure google will turn up some stats for this in this
newsgroup in the past.

As for list(<generator-expr>) over [<list-comprehension>], that's why
they make chocolate and vanilla. (I believe that at one time, Guido
was considering discarding list comps in Py3K, with this
list+generator expression alternative being the rationale for dropping
them, but later changed his mind.)

-- Paul
 
