From: Νίκος on
Okey, i have many hours now struggling to convert a mysql datetime
field that i retreive to a string of this format '%d %b, %H:%M'

I google a lot but couldnt found out how to format it being a string

Here si the code so far:

try:
cursor.execute( ''' SELECT host, hits, date FROM visitors WHERE page
= '%s' ORDER BY date DESC ''' % (page) )
except MySQLdb.Error:
print( "Error %d: %s" % (e.args[0], e.args[1]) )
else:
#display results
print ( '''<center><br><h3> ( ÅðéóêÝðôçò ) ----- ( ÅðéóêÝøåéò )
----- ( Çìåñïìçíßá ) </h3><br>''' )
print ( '''<table border = "5" cellpadding = "5">''' )

results = cursor.fetchall()

for row in results:
print ( ''' <tr> ''' )

for entry in row:
entry = datetime.datetime.strftime( entry, '%d %b, %H:%M' ) #!!!
this is wrong!
print ( ''' <td> %s </td> ''' % entry )

sys.exit(0)

Apart from that i don't know how iam supposed to print it, because the
date string is the 3rd string in every row of the dataset.

Please help me out!
From: Νίκος on
On 5 Αύγ, 11:55, Dennis Lee Bieber <wlfr...(a)ix.netcom.com> wrote:
> On Wed, 4 Aug 2010 16:40:45 -0700 (PDT), Íßêïò
> <nikos.the.gr...(a)gmail.com> declaimed the following in
> gmane.comp.python.general:
>
> >                    for entry in row:
> >                            entry = datetime.datetime.strftime( entry, '%d %b, %H:%M' ) #!!!
> > this is wrong!
> >                            print ( ''' <td> %s </td> ''' % entry )
>
> > Apart from that i don't know how iam supposed to print it, because the
> > date string is the 3rd string in every row of the dataset.
>
>         As you state, it is the third item in each returned row... So why
> are you trying to treat EVERY item in the row as a date?

Because when i try to prin the 3 items liek that

print row[0], row[1], row[2]

it gives me an error, so i dont knwo how to tell it how to print the
3rd item differently.



>
>         Since MySQLdb appears to return datetime objects (my quick test is
> showing datetime.date for dates in a test database) you should be
> probably be using
>
>         formatted_entry = entry.strftime("%d... %M")

I tried that myself yesterday but look it fails to the following
message

/home/webville/public_html/cgi-bin/index.py
63
64 for entry in row:
65 formatted_entry =
entry.strftime('%d %b, %H:%M')
66 print ( ''' <td> %s </td> ''' %
entry )
67
formatted_entry undefined, entry = '178-124-186.dynamic.cyta.gr',
entry.strftime undefined
AttributeError: 'str' object has no attribute 'strftime'
args = ("'str' object has no attribute 'strftime'",)

From: Νίκος on
Hey i made it! :-)

dataset = cursor.fetchall()

for row in dataset:
print ( ''' <tr> ''' )

date = row[2].strftime( '%d %b, %H:%M' )

print ( ''' <td> %s </td> <td> %s </td> <td> %s </td> ''' %
( row[0], row[1], date ) )

Unfortunately had to ditch the 'for entry in row' line because
couldn't iterate over the items of the row.

Could you please shoe me how could i do the same thing with
iteration?!
Thanks!
From: Νίκος on
>On 5 Áýã, 22:09, Tim Chase <python.l...(a)tim.thechases.com> wrote:
> On 08/05/10 13:52, Íßêïò wrote:
>
> > dataset = cursor.fetchall()
>
> > for row in dataset:
> >      print ( '''<tr>  ''' )

As i have it the returned 'dataset' is stored line per line to 'row'.

So,
'dataset' in here is a 'list of tuples' right?
and
'row' in here is a tuple form the above list of tuples right?

Am i understanding this correctly?!


> Well, depending on whether "row" is a tuple or a list, you can do
> either

It was a tuple. But it migth as well be a list too?!?!

Could 'dataset' be a 'list of lists' as well?

How one would know in which way the returned mysql data is saved in?

> Though I think I'd make it a bit clearer by naming the fields:
>
>    for host, hits, dt in dataset:
>      print ("<tr>")
>      for item in (host, hits, dt.strftime(...)):
>        print ("<td>%s</td>" % item)
>      print ("</tr>")

Cool! I myself like this solution best over the all working other!
very nice approach thank you very much! Is what i anted and couldn't
write myself!

But please tell me if in my example 'row' was a tuple, what kind of
objects is 'host', 'hits', 'dt' here and how do they sore the data?

Thanks again for the cool examples!

From: Νίκος on
On 6 Αύγ, 08:13, John Nagle <na...(a)animats.com> wrote:
> On 8/4/2010 4:40 PM, Íßêïò wrote:
>
> >            cursor.execute( ''' SELECT host, hits, date FROM visitors WHERE page
> > = '%s' ORDER BY date DESC ''' % (page) )
>
> Don't do string substitution ("%") on SQL statements.  Let MySQLdb do it
> for you, with proper escaping:
>
>     cursor.execute('''SELECT host, hits, date FROM visitors WHERE page=%s
>         ORDER BY date DESC''', (page,))

Thanks i didn't know.
But you also do use '%s' here as well. Just without the quotes? Why?
How is this valid?
And also what's the comma after the (page,) ? What does the comam do?

>
> The difference is that if some external source can control "page", and
> they put in a value like
>
>         100 ; DELETE FROM visitors; SELECT * FROM visitors
>
> you just lost your data.

Thanks iam trying to test this because its very interesting and when i
try:

http://webville.gr/index.html?show=log&page="index.html ; DELETE FROM
visitors; SELECT * FROM visitors"

cgitb gives me an error

53 except MySQLdb.Error:
54 print ( "Error %d: %s" % (e.args[0],
e.args[1]) )
55 else:
56 #display dataset
e undefined
NameError: name 'e' is not defined
args = ("name 'e' is not defined",)

How can i try it successfully?
Have to ssay here that i use mod_rewrite in my remote web server and
every incoming html request gets treated by counter.py with this rule

RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^/?(.+\.html) /cgi-bin/counter.py?page=$1 [L,PT,QSA]

Also for the program exectuion to reach the:

cursor.execute( ''' SELECT host, hits, date FROM visitors WHERE page =
'%s' ORDER BY date DESC ''' % (page) )

statement i expect the user to:

#
=================================================================================================================
# if extra string is attached to the URL is 'log' then show excplicit
page log and exit
#
=================================================================================================================
if form.getvalue('show') == 'log':

Please help me reproduce what you suggest. I beleive its called MySQL
injection and i very like want to see this in action! :-)