Tuple to string problems

[Alastair G. Hogge]

Hello *,

I'm using Python and the cgi module to retrive data from a HTML form.
I'm then trying to get that information into a string. But efforts fail when
I run type(foo) on my string. type() returns tuple.

My codes follows:
#!/usr/local/bin/python

import cgi
import time
import SeAnRe

# Begin
form = cgi.FieldStorage() # Grab the data from web page form

qu = "("
for name in form.keys():
qu += "'" + str((form[name].value)) + "',"


# Now we remove the 'Submit' text added by form key above and replace it
with it with the date, time and a closing ")"
tail = "'" + str(time.strftime("%Y-%m-%d")) + "','" +
str(time.strftime("%H:%M:%S")) + "')"
final_qu = SeAnRe.Action("'Submit',", tail, qu)

So basicly final_qu would be ('1','two','hello','2003-08-14','23:32:07')
However has stated above type(final_qu) return tuple.
I did get a little advice on running str on every element of final_qu like
this:
foo = ""
for k in final_qu.get_each_value:
foo += str(k)

But then I get "AttributeError: 'tuple' object has no attribute
'get_each_value"

The reason I need foo to be a string is because I'm using pgdb. A Python
interface to PostgreSQL.

Any would be great.
Thanks in advance
-Al

 

[Sean Ross]

So basicly final_qu would be ('1','two','hello','2003-08-14','23:32:07')
However has stated above type(final_qu) return tuple.

If final_qu is already a tuple of strings, and what you need is one string
with each string in the tuple concatenated, then you can do this:

If you can't guarantee that each tuple element is a string, try this:

final_qu_str = ' '.join([str(e) for e in final_qu])
final_qu_str '1 two hello 2003-08-14 23:32:07'

[str(e) for e in final_qu] creates a list of a strings from the elements in
final_qu.

HTH
Sean

 

[Alastair G. Hogge]

So basicly final_qu would be ('1','two','hello','2003-08-14','23:32:07')
However has stated above type(final_qu) return tuple.

If final_qu is already a tuple of strings, and what you need is one string
with each string in the tuple concatenated, then you can do this:

If you can't guarantee that each tuple element is a string, try this:

final_qu_str = ' '.join([str(e) for e in final_qu])
final_qu_str '1 two hello 2003-08-14 23:32:07'

[str(e) for e in final_qu] creates a list of a strings from the elements
[in
final_qu.

HTH
Sean

OK. Sorry I didn't quite make myslef clear.
final_qu is a string for pydb. The string should be something link:
INSERT INTO foo VALUES "('1','two','hello','2003-08-14','23:32:07')"
I need the () and each value must be inclosed in '' for the database
interface.

 

[John Roth]

Hello *,

I'm using Python and the cgi module to retrive data from a HTML form.
I'm then trying to get that information into a string. But efforts fail when
I run type(foo) on my string. type() returns tuple.

At a guess, the problem is in the SeAnRe package. I suspect that
it's using eval() on the input, which will detect the parenthesis and
convert the input into a tuple.

This is, by the way, a *very bad thing to do*, because it can lead
to interesting results when you feed it unchecked data. At least,
they're interesting if you're interested in breaking (or breaking into)
a system.

So the short answer is to not put parenthesis around the string.
The long answer is to use a different package; one that doesn't
use eval(), exec or equivalent.

HTH

John Roth

My codes follows:
#!/usr/local/bin/python

import cgi
import time
import SeAnRe

# Begin
form = cgi.FieldStorage() # Grab the data from web page form

qu = "("
for name in form.keys():
qu += "'" + str((form[name].value)) + "',"


# Now we remove the 'Submit' text added by form key above and replace it
with it with the date, time and a closing ")"
tail = "'" + str(time.strftime("%Y-%m-%d")) + "','" +
str(time.strftime("%H:%M:%S")) + "')"
final_qu = SeAnRe.Action("'Submit',", tail, qu)

So basicly final_qu would be ('1','two','hello','2003-08-14','23:32:07')
However has stated above type(final_qu) return tuple.
I did get a little advice on running str on every element of final_qu like
this:
foo = ""
for k in final_qu.get_each_value:
foo += str(k)

But then I get "AttributeError: 'tuple' object has no attribute
'get_each_value"

The reason I need foo to be a string is because I'm using pgdb. A Python
interface to PostgreSQL.

Any would be great.
Thanks in advance
-Al

 

[Alastair G. Hogge]

So basicly final_qu would be
('1','two','hello','2003-08-14','23:32:07') However has stated above
type(final_qu) return tuple.

If final_qu is already a tuple of strings, and what you need is one
string with each string in the tuple concatenated, then you can do this:

final_qu = ('1','two','hello','2003-08-14','23:32:07')
final_qu_str = ' '.join(final_qu)
final_qu_str
'1 two hello 2003-08-14 23:32:07'


If you can't guarantee that each tuple element is a string, try this:
final_qu_str = ' '.join([str(e) for e in final_qu])
final_qu_str
'1 two hello 2003-08-14 23:32:07'


[str(e) for e in final_qu] creates a list of a strings from the elements
[in
final_qu.

HTH
Sean

OK. Sorry I didn't quite make myslef clear.
final_qu is a string for pydb. The string should be something link:
INSERT INTO foo VALUES "('1','two','hello','2003-08-14','23:32:07')"
I need the () and each value must be inclosed in '' for the database
interface.

Having just been through this myself, you're playing with fire: what if
one of those strings contains a quote character (single or double)?

Let the database interface do the quoting for you. I don't know what
your table looks like, but I see two possibilities (all code untested):

If your table contains a single column in which you're trying to put
that whole string:

sql = """INSERT INTO foo VALUES (%s)"""
params = (repr( final_qu ),) # "str" may work here, too
pydbcursor.execute( sql, params )

If your table contains five columns, one for each element of that tuple:

sql = """INSERT INTO foo VALUES (""" \
+ ','.join( ['%s'] * len( final_qu ) ) \
+ """)"""
params = final_qu
pydbcursor.execute( sql, params )

HTH,
Heather

OK I removed the all the 's from the string.
But now I get this:
<error>
raise DatabaseError, "error '%s' in '%s'" % ( msg, sql ), referer:
http://nova/~agh/house.html
pgdb.DatabaseError: error 'ERROR: parser: parse error at or near ":" at
character 155, referer: http://nova/~agh/house.html
' in 'INSERT INTO house VALUES
(1,two,three,four,five,six,seven,eight,nine,ten,eleven,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,N/A,2003-08-18,13:19:06)',
referer: http://nova/~agh/house.html
</error>

As my modifed code:
<code>
#!/usr/local/bin/python

import cgi
import time
import pgdb

def Initialise():
_dbuser = "agh"
_dbsource = "127.0.0.1:foo" # dsn.
_dbname = "foo"
return (pgdb.connect(dsn=_dbsource, user=_dbuser, database=_dbname))

def AddData(query):
db = Initialise()
cur = db.cursor()
cur.execute(query)
db.commit()
cur.close()
db.close()
# Begin
form = cgi.FieldStorage() # Grab the data from web page form

qu = ""
# Now we put all the form data into one big string for the db query.
for name in form.keys():
if form[name].value == "Submit":
qu += str(time.strftime("%Y-%m-%d")) + "," +
str(time.strftime("%H:%M:%S"))
break
else:
qu += form[name].value + ","

StoreData.AddData("INSERT INTO house VALUES (%s)" % (qu))
DisplayContent.WebPage(qu)
</code>