 def format_query(query, params):
     """Render ``query`` with ``params`` already escaped, the way
     ``MySQLdb.cursor.execute(query, params)`` interpolates them.

     ``cursor.execute`` escapes automatically but offers no way to see the
     finished statement before it runs; this helper performs the same
     ``escape(param, conversions)`` step up front so the result can be
     logged, audited, or handed to ``execute()`` unchanged.

     Args:
         query: template using ``%s`` (positional) or ``%(name)s`` (named)
             placeholders. Only the VALUES are escaped, never the template,
             so ``query`` must come from code, not from user input. Any
             literal percent sign in it must be written ``%%``.
         params: a dict for named placeholders, or any iterable of values
             for positional ones.

     Returns:
         The statement with every placeholder replaced by its escaped
         value (presumably already quoted by ``escape()``, as MySQLdb's
         does -- so placeholders are bare ``%s``; verify against
         ``conversions``).
     """
     if isinstance(params, dict):
         by_name = {}
         for name, value in params.iteritems():
             by_name[name] = escape(value, conversions)
         return query % by_name

     positional = [escape(value, conversions) for value in params]
     return query % tuple(positional)
 def format_query(query, params):
     """Pre-format a parametrized query exactly as ``cursor.execute`` would.

     MySQLdb escapes parameters inside ``cursor.execute(query, params)`` but
     never exposes the resulting SQL, which makes logging it impossible. This
     does the identical ``escape(param, conversions)`` conversion first and
     returns the finished text, which can then be logged and passed to
     ``execute()`` as-is.

     Args:
         query: the SQL template. It is ``%``-formatted, so placeholders are
             ``%s`` / ``%(key)s`` and a literal ``%`` must be doubled. The
             template is NOT escaped -- keep it out of user control.
         params: mapping (named placeholders) or iterable (positional).

     Returns:
         The template with each value substituted by its escaped form.
     """
     if isinstance(params, dict):
         substituted = dict(
             (key, escape(value, conversions))
             for key, value in params.iteritems())
     else:
         substituted = tuple(
             escape(value, conversions) for value in params)
     return query % substituted
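    def row_dicts_to_insert_query(klass, row_dicts):
        """Build one multi-row INSERT statement for ``row_dicts``.

        Not the same as mysql_api.insert_row_dicts, because that uses
        MySQLdb to do a bunch of the escaping and interpolation; here every
        value is escaped explicitly with ``escape(v, conversions)`` so the
        finished statement can be logged or executed as-is.

        Args:
            klass: the model class; only ``klass.table`` is read.
            row_dicts: a non-empty sequence of dicts, each mapping the
                same column names to values.

        Returns:
            ``INSERT INTO `table` (`a`, `b`) VALUES (...),(...)`` as a
            string. Columns are sorted by name, for every row.

        Raises:
            ValueError: if ``row_dicts`` is empty, or if the rows do not
                all carry the same column names -- values are interpolated
                positionally, so a differing row would otherwise land in
                the wrong columns without any error.
        """
        if not row_dicts:
            raise ValueError("row_dicts_to_insert_query: no rows given")

        # Sort each row's items so every row interpolates in the same
        # column order as the header built from the first row.
        ordered_rows = [
            OrderedDict(sorted(d.items(), key=lambda t: t[0]))
            for d in row_dicts
        ]
        columns = list(ordered_rows[0].keys())
        for row in ordered_rows[1:]:
            if list(row.keys()) != columns:
                raise ValueError(
                    "row_dicts_to_insert_query: rows have differing columns")

        def quote_ident(name):
            # escape() covers values only; a backtick inside an identifier
            # would otherwise end the quoted name early, so double it.
            return '`%s`' % name.replace('`', '``')

        return "INSERT INTO {table} ({fields}) VALUES {rows}".format(
            table=quote_ident(klass.table),
            fields=', '.join(quote_ident(c) for c in columns),
            # Comma-separated list of paren-wrapped, escaped row values.
            rows=','.join(
                '({})'.format(', '.join(
                    escape(v, conversions) for v in row.values()))
                for row in ordered_rows
            ))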
def _escape(param):
    """Escape ``param`` for interpolation into SQL via ``_mysql.escape``.

    A list or tuple is escaped element by element and joined with commas
    (presumably for ``IN (...)`` clauses); anything else is escaped as a
    single value with ``CONVERSIONS``.

    Note that an empty list or tuple yields ``''``; the caller has to avoid
    turning that into ``IN ()``.
    """
    if not isinstance(param, (list, tuple)):
        return _mysql.escape(param, CONVERSIONS)
    pieces = [_mysql.escape(item, CONVERSIONS) for item in param]
    return ','.join(pieces)
def _escape(param):
    """Escape ``param`` for SQL interpolation, normalising unicode first.

    Every value passes through ``_escape_unicode`` before ``_mysql`` sees
    it. A list or tuple is escaped as a whole with
    ``_mysql.escape_sequence`` and joined with commas; anything else goes
    through ``_mysql.escape`` as a single value. Both use ``CONVERSIONS``.
    """
    if not isinstance(param, (list, tuple)):
        return _mysql.escape(_escape_unicode(param), CONVERSIONS)
    normalised = [_escape_unicode(item) for item in param]
    escaped = _mysql.escape_sequence(normalised, CONVERSIONS)
    return ','.join(escaped)
	def escape(self, o, converter):
		"""Escape ``o`` using this object's own ``self.converter``.

		The ``converter`` argument is accepted for signature compatibility
		with the wrapped ``origmysqlc.escape`` but is not used: whatever the
		caller passes, ``self.converter`` is what applies (presumably so a
		caller cannot bypass the configured conversions -- confirm).
		"""
		own_converter = self.converter
		return origmysqlc.escape(o, own_converter)
 def escape(self, o, converter):
     """Delegate to ``origmysqlc.escape`` with ``self.converter``.

     ``converter`` is ignored on purpose: the instance's own conversion
     table always wins, whatever the caller supplies. The parameter only
     keeps the wrapped function's signature.
     """
     active = self.converter
     return origmysqlc.escape(o, active)
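    if  site.nodeType != 3:
        # Element node: look the site up by UniqueID and insert it if new.
        try:
            uniqueID = site.attributes['UniqueID'].value
        except KeyError:
            # NOTE(review): every site lacking a UniqueID collapses onto
            # this one key, so the SELECT below matches whichever such site
            # was inserted first and its id is reused -- confirm intended.
            uniqueID ="not-so-unique"
        name = getFirst(site,"Name")
        userSupport = getFirst(site,'UserSupportContact')
        sysAdmin = getFirst(site,'SysAdminContact')
        security = getFirst(site,'SecurityContact')
        description = getFirst(site,'Description')
        location = getFirst(site,'Location')
        # float() raises ValueError on a malformed coordinate, as before.
        latitude = float(getFirstN(site,'Latitude'))
        longitude = float(getFirstN(site,'Longitude'))
        web =  getFirst(site,'Web')
        sponsor =  getFirst(site,'Sponsor')
        # Values taken from the parsed document are passed as query
        # parameters and escaped by the driver, instead of being escape()d
        # by hand into a "%s"-quoted template. This also stops relying on
        # double quotes as string delimiters, which break under the
        # ANSI_QUOTES sql_mode.
        # NOTE(review): escape() is no longer applied here; if it did more
        # than SQL escaping (None or encoding handling, truncation) that
        # must now happen before execute() -- confirm against its definition.
        site_query = 'SELECT * FROM Sites WHERE uniqueID = %s'
        cursor.execute(site_query, (uniqueID,))
        r = cursor.fetchone()
        if r is None:
            print "inserting site definition now..."
            site_tuple = (uniqueID, name, description,
                          userSupport, sysAdmin, security, location,
                          latitude, longitude, web, sponsor)
            # No column list, as before: positions must match the Sites
            # table definition (NULL first for the auto-increment id).
            # latitude/longitude are now sent with full float precision
            # rather than the six decimals "%f" produced.
            site_insert = ('INSERT INTO Sites VALUES'
                           '(NULL,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)')
            cursor.execute(site_insert, site_tuple)
            site_id =  cursor.lastrowid
        else:
            site_id = r[0]

        storageElements  = site.getElementsByTagName('StorageElement')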
 def format_query(query, params):
     """Interpolate escaped ``params`` into ``query``.

     Mirrors what ``MySQLdb.cursor.execute(query, params)`` does internally,
     so the finished SQL can be logged before it is executed. Each value is
     run through ``escape(value, conversions)``; the template itself is not
     touched and must therefore be trusted code with ``%s`` / ``%(key)s``
     placeholders (literal ``%`` written as ``%%``).

     Args:
         query: the SQL template.
         params: a dict (named placeholders) or an iterable (positional).

     Returns:
         The formatted SQL string.
     """
     def quoted(value):
         return escape(value, conversions)

     if isinstance(params, dict):
         return query % dict((k, quoted(v)) for k, v in params.iteritems())
     return query % tuple(quoted(v) for v in params)
def _escape(param):
    """Unicode-normalise then SQL-escape ``param``.

    Sequences (list or tuple) are normalised item by item with
    ``_escape_unicode``, escaped together via ``_mysql.escape_sequence``
    and joined with commas. Scalars are normalised and escaped with
    ``_mysql.escape``. ``CONVERSIONS`` drives both.
    """
    is_sequence = isinstance(param, (list, tuple))
    if is_sequence:
        cleaned = [_escape_unicode(element) for element in param]
        parts = _mysql.escape_sequence(cleaned, CONVERSIONS)
        result = ','.join(parts)
    else:
        result = _mysql.escape(_escape_unicode(param), CONVERSIONS)
    return result
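    if site.nodeType != 3:
        # Element node: look the site up by UniqueID and insert it if new.
        try:
            uniqueID = site.attributes['UniqueID'].value
        except KeyError:
            # NOTE(review): every site lacking a UniqueID collapses onto
            # this one key, so the SELECT below matches whichever such site
            # was inserted first and its id is reused -- confirm intended.
            uniqueID = "not-so-unique"
        name = getFirst(site, "Name")
        userSupport = getFirst(site, 'UserSupportContact')
        sysAdmin = getFirst(site, 'SysAdminContact')
        security = getFirst(site, 'SecurityContact')
        description = getFirst(site, 'Description')
        location = getFirst(site, 'Location')
        # float() raises ValueError on a malformed coordinate, as before.
        latitude = float(getFirstN(site, 'Latitude'))
        longitude = float(getFirstN(site, 'Longitude'))
        web = getFirst(site, 'Web')
        sponsor = getFirst(site, 'Sponsor')
        # Values taken from the parsed document are passed as query
        # parameters and escaped by the driver, instead of being escape()d
        # by hand into a "%s"-quoted template. This also stops relying on
        # double quotes as string delimiters, which break under the
        # ANSI_QUOTES sql_mode.
        # NOTE(review): escape() is no longer applied here; if it did more
        # than SQL escaping (None or encoding handling, truncation) that
        # must now happen before execute() -- confirm against its definition.
        site_query = 'SELECT * FROM Sites WHERE uniqueID = %s'
        cursor.execute(site_query, (uniqueID,))
        r = cursor.fetchone()
        if r is None:
            print "inserting site definition now..."
            site_tuple = (uniqueID, name, description,
                          userSupport, sysAdmin, security, location,
                          latitude, longitude, web, sponsor)
            # No column list, as before: positions must match the Sites
            # table definition (NULL first for the auto-increment id).
            # latitude/longitude are now sent with full float precision
            # rather than the six decimals "%f" produced.
            site_insert = ('INSERT INTO Sites VALUES'
                           '(NULL,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)')
            cursor.execute(site_insert, site_tuple)
            site_id = cursor.lastrowid
        else:
            site_id = r[0]

        storageElements = site.getElementsByTagName('StorageElement')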