news:3f3b9080 at dnews.tpgi.com.au...
Hello *,
I'm using Python and the cgi module to retrive data from a HTML form.
I'm then trying to get that information into a string. But efforts fail when
I run type(foo) on my string. type() returns tuple.
At a guess, the problem is in the SeAnRe package. I suspect thatI'm using Python and the cgi module to retrive data from a HTML form.
I'm then trying to get that information into a string. But efforts fail when
I run type(foo) on my string. type() returns tuple.
it's using eval() on the input, which will detect the parenthesis and
convert the input into a tuple.
This is, by the way, a *very bad thing to do*, because it can lead
to interesting results when you feed it unchecked data. At least,
they're interesting if you're interested in breaking (or breaking into)
a system.
So the short answer is to not put parenthesis around the string.
The long answer is to use a different package; one that doesn't
use eval(), exec or equivalent.
HTH
John Roth
My codes follows:
#!/usr/local/bin/python
import cgi
import time
import SeAnRe
# Begin
form = cgi.FieldStorage() # Grab the data from web page form
qu = "("
for name in form.keys():
qu += "'" + str((form[name].value)) + "',"
# Now we remove the 'Submit' text added by form key above and replace it
with it with the date, time and a closing ")"
tail = "'" + str(time.strftime("%Y-%m-%d")) + "','" +
str(time.strftime("%H:%M:%S")) + "')"
final_qu = SeAnRe.Action("'Submit',", tail, qu)
So basicly final_qu would be ('1','two','hello','2003-08-14','23:32:07')
However has stated above type(final_qu) return tuple.
I did get a little advice on running str on every element of final_qu like
this:
foo = ""
for k in final_qu.get_each_value:
foo += str(k)
But then I get "AttributeError: 'tuple' object has no attribute
'get_each_value"
The reason I need foo to be a string is because I'm using pgdb. A Python
interface to PostgreSQL.
Any would be great.
Thanks in advance
-Al
#!/usr/local/bin/python
import cgi
import time
import SeAnRe
# Begin
form = cgi.FieldStorage() # Grab the data from web page form
qu = "("
for name in form.keys():
qu += "'" + str((form[name].value)) + "',"
# Now we remove the 'Submit' text added by form key above and replace it
with it with the date, time and a closing ")"
tail = "'" + str(time.strftime("%Y-%m-%d")) + "','" +
str(time.strftime("%H:%M:%S")) + "')"
final_qu = SeAnRe.Action("'Submit',", tail, qu)
So basicly final_qu would be ('1','two','hello','2003-08-14','23:32:07')
However has stated above type(final_qu) return tuple.
I did get a little advice on running str on every element of final_qu like
this:
foo = ""
for k in final_qu.get_each_value:
foo += str(k)
But then I get "AttributeError: 'tuple' object has no attribute
'get_each_value"
The reason I need foo to be a string is because I'm using pgdb. A Python
interface to PostgreSQL.
Any would be great.
Thanks in advance
-Al