Пример #1
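 def format_query(query, params):
     """Format *query* the way MySQLdb.cursor.execute(query, params) would.

     Every value in *params* is run through ``escape(value, conversions)``
     (the MySQLdb converter table) before being interpolated with ``%``, so
     the result can be logged and then handed to ``cursor.execute()``
     *without* a params argument -- passing params a second time would escape
     the already-escaped literals again.

     Args:
         query: a ``%s`` / ``%(name)s`` template.  A literal percent sign in
             it (e.g. in a LIKE pattern) must be written ``%%``, exactly as
             for ``execute()``.  Placeholders stand for *values* only; table
             and column names cannot be parameterised this way.
         params: a mapping for ``%(name)s`` placeholders, a sequence for
             positional ``%s`` placeholders, or None, in which case *query* is
             returned untouched (MySQLdb's execute() also leaves a query alone
             when no params are given).

     Returns:
         The query string with each parameter replaced by its escaped literal.

     Raises:
         TypeError, KeyError: raised by ``%`` when the placeholders and
             *params* disagree, the same errors execute() surfaces.
     """
     if params is None:
         # Nothing to interpolate.
         return query
     if isinstance(params, dict):
         # items() instead of iteritems() so the helper also runs on Python 3.
         escaped = dict((key, escape(value, conversions))
                        for key, value in params.items())
         return query % escaped
     return query % tuple(escape(value, conversions) for value in params)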
Пример #2
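 def format_query(query, params):
     """Render *query* with *params* escaped as MySQLdb.cursor.execute() would.

     MySQLdb.cursor.execute(query, params) escapes and interpolates the
     parameters internally, but offers no way to read the final SQL before it
     runs (for logging, for instance).  This helper does the same conversion
     up front -- each value goes through ``escape(value, conversions)`` and is
     then substituted with ``%`` -- so the caller can log the string and pass
     it on to execute() with no params argument.  Do not pass the result to
     execute() together with params again: the values would be escaped twice.

     Args:
         query: template with ``%s`` or ``%(name)s`` placeholders; a literal
             ``%`` must be doubled as ``%%``.  Placeholders can only carry
             values, never identifiers such as table or column names.
         params: dict (named placeholders), sequence (positional
             placeholders), or None to return *query* unchanged, matching
             execute() called without params.

     Returns:
         The fully rendered SQL string.

     Raises:
         TypeError, KeyError: from the ``%`` operator when placeholders and
             params do not line up.
     """
     if params is None:
         return query
     if isinstance(params, dict):
         # .items() works on both Python 2 and 3, unlike .iteritems().
         return query % dict((key, escape(value, conversions))
                             for key, value in params.items())
     return query % tuple(escape(value, conversions) for value in params)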
Пример #3
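    def row_dicts_to_insert_query(klass, row_dicts):
        """Build a multi-row ``INSERT INTO ... VALUES (...), (...)`` statement.

        Not the same as mysql_api.insert_row_dicts, because that uses MySQLdb
        to do a bunch of the escaping and interpolation.  Here every value is
        escaped with ``escape(value, conversions)`` and the column names are
        backtick-quoted by this method, so the returned string is complete SQL.

        Args:
            klass: the model class; only ``klass.table`` is read, and it is
                inserted verbatim, so it must be a trusted, code-defined name.
            row_dicts: non-empty iterable of column -> value mappings that all
                share the same key set.  Keys are column names: they are NOT
                run through the value escaper, so they must come from the code
                rather than from user input.  A backtick inside a name is
                doubled, which is how MySQL escapes it in a quoted identifier.

        Returns:
            The INSERT statement as a str.

        Raises:
            ValueError: if *row_dicts* is empty, or if the rows do not all
                have the same columns -- a mismatch would otherwise shift
                values into the wrong columns, because VALUES are matched to
                the single column list by position.
        """
        # Sort each row by column name so every VALUES tuple lines up with the
        # column list, which is emitted once, from the first row.
        ordered_rows = [
            OrderedDict(sorted(d.items(), key=lambda t: t[0]))
            for d in row_dicts
        ]
        if not ordered_rows:
            raise ValueError("row_dicts must contain at least one row")

        columns = list(ordered_rows[0].keys())
        for row in ordered_rows[1:]:
            if list(row.keys()) != columns:
                raise ValueError(
                    "all rows must have the same columns; expected %r, got %r"
                    % (columns, list(row.keys())))

        def quote_identifier(name):
            # MySQL writes a backtick inside a backtick-quoted name as ``.
            return '`%s`' % name.replace('`', '``')

        def row_values(row):
            # Paren-wrapped comma-separated list of escaped row values.
            return '({})'.format(', '.join(
                escape(v, conversions) for v in row.values()))

        return "INSERT INTO `{table}` ({fields}) VALUES {rows}".format(
            table=klass.table,
            fields=', '.join(quote_identifier(c) for c in columns),
            rows=','.join(row_values(r) for r in ordered_rows))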
Пример #4
def _escape(param):
    """Return *param* escaped as a SQL literal via ``_mysql.escape``.

    A list or tuple is escaped element by element and the results joined
    with commas (no parentheses are added around them); any other value is
    escaped as a single literal.  Both paths use the module's ``CONVERSIONS``
    table, so what counts as a safely quoted literal is whatever that table
    produces for the value's type.
    """
    if not isinstance(param, (list, tuple)):
        return _mysql.escape(param, CONVERSIONS)
    escaped_items = [_mysql.escape(item, CONVERSIONS) for item in param]
    return ','.join(escaped_items)
Пример #5
def _escape(param):
    """Escape *param* for inclusion in SQL, normalising unicode first.

    Every value passes through ``_escape_unicode`` before reaching the
    driver.  A list or tuple is handed to ``_mysql.escape_sequence`` as a
    whole and the escaped elements are joined with commas (no parentheses
    are added); any other value goes through ``_mysql.escape`` on its own.
    The module's ``CONVERSIONS`` table decides how each type is quoted.
    """
    if not isinstance(param, (list, tuple)):
        return _mysql.escape(_escape_unicode(param), CONVERSIONS)
    normalised = list(map(_escape_unicode, param))
    return ','.join(_mysql.escape_sequence(normalised, CONVERSIONS))
Пример #6
	def escape(self, o, converter):
		"""Escape *o* using this object's own converter table.

		The *converter* argument is accepted only to keep the signature of the
		original ``escape`` it replaces; it is ignored, and ``self.converter``
		is always used instead, so a caller cannot swap in a different
		conversion table per call.
		"""
		table = self.converter
		return origmysqlc.escape(o, table)
Пример #7
 def escape(self, o, converter):
     """Delegate to ``origmysqlc.escape`` with ``self.converter``.

     *converter* is part of the signature for compatibility but is never
     read: the instance's own conversion table always wins, so per-call
     overrides of how values are quoted are silently dropped.
     """
     own_table = self.converter
     return origmysqlc.escape(o, own_table)
Пример #8
    # Python 2 code (print statement below).  Only element nodes describe a
    # site; nodeType 3 is the DOM TEXT_NODE, so whitespace between elements
    # is skipped here.  The enclosing function continues outside this view.
    if  site.nodeType != 3:
        try:
            uniqueID = site.attributes['UniqueID'].value
        except KeyError:
            # Every site without a UniqueID attribute shares this fallback, so
            # the SELECT below will find the first such site's row and reuse
            # its id for all of them.
            uniqueID ="not-so-unique"
        # getFirst / getFirstN are helpers defined elsewhere; presumably they
        # return the text of the first child element with that tag (getFirstN
        # a numeric variant) -- confirm against their definitions.
        name = getFirst(site,"Name")
        userSupport = getFirst(site,'UserSupportContact')
        sysAdmin = getFirst(site,'SysAdminContact')
        security = getFirst(site,'SecurityContact')
        description = getFirst(site,'Description')
        location = getFirst(site,'Location')
        # float() coerces here, so a non-numeric Latitude/Longitude fails
        # before any SQL is built; the values go into the INSERT via %f.
        latitude = float(getFirstN(site,'Latitude'))
        longitude = float(getFirstN(site,'Longitude'))
        web =  getFirst(site,'Web')
        sponsor =  getFirst(site,'Sponsor')
        # NOTE(review): SQL is assembled with % formatting.  Each string value
        # is passed through escape() and then wrapped in "..." by the
        # template, which is only correct if this escape() returns an
        # *unquoted* escaped string -- confirm which escape this is.  The
        # DB-API route, cursor.execute('... WHERE uniqueID = %s', (uniqueID,)),
        # lets the driver quote and escape every value itself and removes the
        # dependency on that assumption.
        site_query = 'SELECT * FROM Sites WHERE uniqueID= "%s"' % escape(uniqueID)
        cursor.execute(site_query)
        r = cursor.fetchone()
        # `r is None` is the idiomatic identity test; `== None` works here.
        if (r == None):
            print "inserting site definition now..."
            # Positional INSERT: the tuple order must match the Sites table's
            # column order.  The leading NULL is presumably the auto-increment
            # id, which lastrowid then reads back.
            site_tuple = (escape(uniqueID), escape(name),escape(description),
                          escape(userSupport), escape(sysAdmin), escape(security), escape(location),
                          latitude,longitude,escape(web),escape(sponsor))
            site_insert = 'INSERT INTO Sites VALUES(NULL,"%s","%s","%s","%s","%s","%s","%s",%f,%f,"%s","%s")' % site_tuple
            cursor.execute(site_insert)
            site_id =  cursor.lastrowid
        else:
            # Site already present: reuse its id (first column of the row).
            site_id = r[0]

        storageElements  = site.getElementsByTagName('StorageElement')
Пример #9
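 def format_query(query, params):
     """Interpolate escaped *params* into *query* as cursor.execute() would.

     Each value is converted with ``escape(value, conversions)`` and then
     substituted with ``%``, producing the SQL string MySQLdb would run.  The
     point is to obtain that string before execution (e.g. for logging); pass
     it on to ``cursor.execute()`` with no params argument, since supplying
     params again would escape the literals a second time.

     Args:
         query: template using ``%s`` or ``%(name)s`` placeholders; write a
             literal percent sign as ``%%``.  Placeholders carry values only,
             not table or column names.
         params: dict for named placeholders, sequence for positional ones,
             or None to get *query* back unchanged (as execute() behaves with
             no params).

     Returns:
         The rendered SQL string.

     Raises:
         TypeError, KeyError: from ``%`` when placeholders and params differ.
     """
     if params is None:
         return query
     if isinstance(params, dict):
         # .items() keeps this working on Python 3 as well as Python 2.
         escaped = {}
         for key, value in params.items():
             escaped[key] = escape(value, conversions)
         return query % escaped
     return query % tuple(escape(value, conversions) for value in params)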
Пример #10
def _escape(param):
    """Return *param* as an escaped SQL literal, unicode-normalised first.

    Scalars go through ``_escape_unicode`` and then ``_mysql.escape``.  A
    list or tuple has every element normalised, is escaped in one go with
    ``_mysql.escape_sequence``, and the pieces are joined by commas with no
    surrounding parentheses.  ``CONVERSIONS`` controls how each type is
    quoted in both cases.
    """
    is_sequence = isinstance(param, (list, tuple))
    if is_sequence:
        items = [_escape_unicode(element) for element in param]
        pieces = _mysql.escape_sequence(items, CONVERSIONS)
        return ','.join(pieces)
    return _mysql.escape(_escape_unicode(param), CONVERSIONS)
Пример #11
    # Python 2 code (print statement below).  nodeType 3 is the DOM TEXT_NODE,
    # so this branch handles element nodes only and skips the whitespace text
    # between them.  The enclosing function continues outside this view.
    if site.nodeType != 3:
        try:
            uniqueID = site.attributes['UniqueID'].value
        except KeyError:
            # Shared fallback: all sites lacking the attribute resolve to the
            # same uniqueID, so the SELECT below reuses the first such row.
            uniqueID = "not-so-unique"
        # getFirst / getFirstN are defined elsewhere; presumably they return
        # the text of the first child element with the given tag (getFirstN
        # the numeric variant) -- confirm against their definitions.
        name = getFirst(site, "Name")
        userSupport = getFirst(site, 'UserSupportContact')
        sysAdmin = getFirst(site, 'SysAdminContact')
        security = getFirst(site, 'SecurityContact')
        description = getFirst(site, 'Description')
        location = getFirst(site, 'Location')
        # float() rejects non-numeric coordinates before any SQL is built;
        # they are interpolated with %f, so they need no string escaping.
        latitude = float(getFirstN(site, 'Latitude'))
        longitude = float(getFirstN(site, 'Longitude'))
        web = getFirst(site, 'Web')
        sponsor = getFirst(site, 'Sponsor')
        # NOTE(review): SQL is built with % formatting; string values are run
        # through escape() and quoted by the "..." in the template.  That is
        # only correct if this escape() returns an *unquoted* escaped string
        # -- confirm which escape it is.  Using the driver's own parameter
        # handling, cursor.execute('... WHERE uniqueID = %s', (uniqueID,)),
        # would quote and escape each value itself and drop that assumption.
        site_query = 'SELECT * FROM Sites WHERE uniqueID= "%s"' % escape(
            uniqueID)
        cursor.execute(site_query)
        r = cursor.fetchone()
        # `r is None` is the idiomatic identity check; `== None` works here.
        if (r == None):
            print "inserting site definition now..."
            # Positional INSERT: tuple order must match the Sites column
            # order.  The leading NULL is presumably the auto-increment id
            # that lastrowid reads back afterwards.
            site_tuple = (escape(uniqueID), escape(name), escape(description),
                          escape(userSupport), escape(sysAdmin),
                          escape(security), escape(location), latitude,
                          longitude, escape(web), escape(sponsor))
            site_insert = 'INSERT INTO Sites VALUES(NULL,"%s","%s","%s","%s","%s","%s","%s",%f,%f,"%s","%s")' % site_tuple
            cursor.execute(site_insert)
            site_id = cursor.lastrowid
        else:
            # Existing site: its id is the first column of the fetched row.
            site_id = r[0]

        storageElements = site.getElementsByTagName('StorageElement')