Converting Perl Web Report to Python

**pmcgover@gmail.com** · Sep 23 '06, 10:05 PM

Re: Converting Perl Web Report to Python

Dennis,
Wow! Talk about RAD development... Nice job... Errr, real nice job. I
will test your concepts and see how it works.
Thanks a ton. You far exceeded my expectations!
Pat

Dennis Lee Bieber wrote:

On 23 Sep 2006 06:04:16 -0700, "pmcgover@gmail .com" <pmcgover@gmail .com>
declaimed the following in comp.lang.pytho n:
>
Answering bottom up...

Could this script be easily converted to Python? How would you execute
the Msql command line and direct the output to a variable for display
in the cgi script? Would it be possible to easily enhance this script
by allowing the user to pass in an SQL query parameter to the sql
script? I attempted this in Perl by substituting the string "p_1" in
the where clause of the sql code but I could not substitute this string
with the value in the cgi code (ie. $query =~ s/p_1/value_variable/;).
Perhaps it would be easier in Python?

Also, would the user supplied parameter be a security issue?

>
Unless you duplicate the type of checking a db-api module does for
parameterized queries -- indubitably...
>
I don't do PERL, but from what I see, they are essentially doing the
equivalent of a popen() call.
>
-=-=-=-=-=-=-=-=- script1.py
import os
>
USERID = "BestiariaC P" #this account is a read-only, no password
DBNAME = "bestiaria" #used for CherryTemplate page generation
>
# lacking a CGI interface, I'm just going to put in a few assignments
query = "script1.sq l"
title = "This is demonstrably nonsense"
>
cmdline = "mysql -H -u %s %s < %s" % (USERID, DBNAME, query)
>
# I don't know what header and start_html() do, so just a dummy here
print """
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>%s</title>
</head>
>
<body>
""" % title
>
rpipe = os.popen(cmdlin e, "r")
results = rpipe.readlines ()
rpipe.close()
>
print '<h3 align="center"> %s</h3>' % title
print "".join(results )
print '<br><h4 align="center"> This was a sample</h4>'
print "</body>\n</html>"
-=-=-=-=-=-=-=-=-=- script1.sql
select name, URL, description, occurs
from comics
order by name;
-=-=-=-=-=-=-=-=-=- script1.html (excluded middle)
>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>This is demonstrably nonsense</title>
</head>
>
<body>
>
<h3 align="center"> This is demonstrably nonsense</h3>
<TABLE
BORDER=1><TR><T H>name</TH><TH>URL</TH><TH>descript ion</TH><TH>occurs</TH></TR><TR><TD>A
Doemain of Our Own</TD><TD>http://www.doemain.com/</TD><TD>The new
family on the block.</TD><TD>Typicall y Friday, though some Monday and
Wednesday
updates</TD></TR><TR><TD>Afor d</TD><TD>http://www.afordturtle .com/</TD><TD>A
turtle, a snake, and a robin; and their life in the
forest.</TD><TD>Daily</TD></TR>
>
<TR><TD>Virtu al Comix</TD><TD>http://comix.keenspace .com/</TD><TD>He's
the insane rabbit next door.</TD><TD>No updates since March of
2003</TD></TR><TR><TD>West Corner of the
Park</TD><TD>http://www.graphxpress .com/</TD><TD>Inspired by FurryMUCK,
and done by Jim Groat, the creator of <i>Red
Shetland</i>.</TD><TD>Usually late Sunday, unless a Furry Convention
happens</TD></TR><TR><TD>What ever
USA</TD><TD>http://whateverusa.kee nspace.com/</TD><TD>A precocious
porcupine pup and his pals.</TD><TD>Sporadic </TD></TR><TR><TD>Wild
Angels</TD><TD>http://www.ottercomics .com/angels/</TD><TD>It'll put the
fur of God in you.</TD><TD>Irregula r (between two and seven times each
month)</TD></TR><TR><TD>Wyld fire</TD><TD>http://www.morgankeith studios.com/projects_wyldfi re.html</TD><TD>What
if the cat stuck up a tree <i>is</ithe fireman?</TD><TD>Archives
available</TD></TR></TABLE>
<br><h4 align="center"> This was a sample</h4>
</body>
</html>
>
Seems like a lot of hassle to go through when a Python function can
generate similar results without losing the safety of parameterized
queries (I do hope the SQL files the CGI is specifying were pre-defined,
and not something the user uploads <G>)
>
>
-=-=-=-=-=-=-=- script2.py
import MySQLdb
>
USERID = "BestiariaC P" #this account is a read-only, no password
DBNAME = "bestiaria" #used for CherryTemplate page generation
>
# lacking a CGI interface, I'm just going to put in a few assignments
queryfile = "script1.sq l"
title = "This is demonstrably nonsense"
>
cn = MySQLdb.connect (host="localhos t", user=USERID, db=DBNAME)
cr = cn.cursor()
>
# I don't know what header and start_html() do, so just a dummy here
print """
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>%s</title>
</head>
>
<body>
""" % title
>
qin = open(queryfile, "r")
query = " ".join(qin.read lines())
qin.close()
>
cr.execute(quer y) #no parameters assumed
>
# THE FOLLOWING BLOCK OF CODE COULD EASILY BE MADE A
# FUNCTION IN SOME HTML REPORTING MODULE AS IT IS NOT
# DEPENDENT UPON THE ACTUAL QUERY TO KNOW WHAT TO PRODUCE
>
print '<h3 align="center"> %s</h3>' % title
print '<table border="1">\n<t r>',
for fld in cr.description:
print "<th>%s</th>" % fld[0],
print "</tr>"
>
for rec in cr:
print "<tr>",
for fld in rec:
print "<td>%s</td>" % fld,
print "</tr>"
print "</table>"
>
# BACK TO ORIGINAL CONTENT
>
print '<br><h4 align="center"> This was a sample</h4>'
print "</body>\n</html>"
>
cr.close()
cn.close()
-=-=-=-=-=- USES SAME SQL FILE
-=-=-=-=-=-=- script2.html (excluded middle)
>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>This is demonstrably nonsense</title>
</head>
>
<body>
>
<h3 align="center"> This is demonstrably nonsense</h3>
<table border="1">
<tr<th>name</th<th>URL</th<th>descripti on</th<th>occurs</th>
</tr>
<tr<td>A Doemain of Our Own</td<td>http://www.doemain.com/</td>
<td>The new family on the block.</td<td>Typically Friday, though some
Monday and Wednesday updates</td</tr>
<tr<td>Aford</td<td>http://www.afordturtle .com/</td<td>A turtle, a
snake, and a robin; and their life in the forest.</td<td>Daily</td>
</tr>
>
<tr<td>Virtua l Comix</td<td>http://comix.keenspace .com/</td>
<td>He's the insane rabbit next door.</td<td>No updates since March of
2003</td</tr>
<tr<td>West Corner of the Park</td>
<td>http://www.graphxpress .com/</td<td>Inspired by FurryMUCK, and done
by Jim Groat, the creator of <i>Red Shetland</i>.</td<td>Usually late
Sunday, unless a Furry Convention happens</td</tr>
<tr<td>Whatev er USA</td<td>http://whateverusa.kee nspace.com/</td>
<td>A precocious porcupine pup and his pals.</td<td>Sporadic</td>
</tr>
<tr<td>Wild Angels</td<td>http://www.ottercomics .com/angels/</td>
<td>It'll put the fur of God in you.</td<td>Irregular (between two and
seven times each month)</td</tr>
<tr<td>Wyldfire </td>
<td>http://www.morgankeith studios.com/projects_wyldfi re.html</td>
<td>What if the cat stuck up a tree <i>is</ithe fireman?</td>
<td>Archives available</td</tr>
</table>
<br><h4 align="center"> This was a sample</h4>
</body>
</html>
--
Wulfraed Dennis Lee Bieber KD6MOG
wlfraed@ix.netc om.com wulfraed@bestia ria.com

HTTP://wlfraed.home.netcom.com/

(Bestiaria Support Staff: web-asst@bestiaria. com)
HTTP://www.bestiaria.com/

**pmcgover@gmail.com** · Sep 24 '06, 08:55 PM

Re: Converting Perl Web Report to Python

Dennis,
I was able to execute the Mysql command line code you created in
"script1.py ". I was not able to test the "preferred" method used in
script2.py. I will do this later this week when I have more time to
download and install the required MySQLdb module. In any event, I
would like to know how to search and replace a given string in the sql
to a user supplied value before execution.

For example, lets say that your sql script looks like this:

-=-=-=-=-=-=-=-=-=- script1.sql

select name, URL, description, occurs
from comics
where URL like '%MyParam_1%' # Note that "MyParam_1" represents
a "catch" string.
order by name;

-=-=-=-=-=-=-=-=-=-

Using the script2.py process, how could I safely convert the above
string, "MyParam_1" to a user supplied argument (ie. "comix") before
the SQL is executed?

This capability would allow each sql script to be extendable. It would
allow me to embed a URL with specific parameters in report OR in Wiki
pages, emails when I need to.
Thanks!
Pat

Dennis Lee Bieber wrote:

On 23 Sep 2006 06:04:16 -0700, "pmcgover@gmail .com" <pmcgover@gmail .com>
declaimed the following in comp.lang.pytho n:
>
Answering bottom up...

Could this script be easily converted to Python? How would you execute
the Msql command line and direct the output to a variable for display
in the cgi script? Would it be possible to easily enhance this script
by allowing the user to pass in an SQL query parameter to the sql
script? I attempted this in Perl by substituting the string "p_1" in
the where clause of the sql code but I could not substitute this string
with the value in the cgi code (ie. $query =~ s/p_1/value_variable/;).
Perhaps it would be easier in Python?

Also, would the user supplied parameter be a security issue?

>
Unless you duplicate the type of checking a db-api module does for
parameterized queries -- indubitably...
>
I don't do PERL, but from what I see, they are essentially doing the
equivalent of a popen() call.
>
-=-=-=-=-=-=-=-=- script1.py
import os
>
USERID = "BestiariaC P" #this account is a read-only, no password
DBNAME = "bestiaria" #used for CherryTemplate page generation
>
# lacking a CGI interface, I'm just going to put in a few assignments
query = "script1.sq l"
title = "This is demonstrably nonsense"
>
cmdline = "mysql -H -u %s %s < %s" % (USERID, DBNAME, query)
>
# I don't know what header and start_html() do, so just a dummy here
print """
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>%s</title>
</head>
>
<body>
""" % title
>
rpipe = os.popen(cmdlin e, "r")
results = rpipe.readlines ()
rpipe.close()
>
print '<h3 align="center"> %s</h3>' % title
print "".join(results )
print '<br><h4 align="center"> This was a sample</h4>'
print "</body>\n</html>"
-=-=-=-=-=-=-=-=-=- script1.sql
select name, URL, description, occurs
from comics
order by name;
-=-=-=-=-=-=-=-=-=- script1.html (excluded middle)
>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>This is demonstrably nonsense</title>
</head>
>
<body>
>
<h3 align="center"> This is demonstrably nonsense</h3>
<TABLE
BORDER=1><TR><T H>name</TH><TH>URL</TH><TH>descript ion</TH><TH>occurs</TH></TR><TR><TD>A
Doemain of Our Own</TD><TD>http://www.doemain.com/</TD><TD>The new
family on the block.</TD><TD>Typicall y Friday, though some Monday and
Wednesday
updates</TD></TR><TR><TD>Afor d</TD><TD>http://www.afordturtle .com/</TD><TD>A
turtle, a snake, and a robin; and their life in the
forest.</TD><TD>Daily</TD></TR>
>
<TR><TD>Virtu al Comix</TD><TD>http://comix.keenspace .com/</TD><TD>He's
the insane rabbit next door.</TD><TD>No updates since March of
2003</TD></TR><TR><TD>West Corner of the
Park</TD><TD>http://www.graphxpress .com/</TD><TD>Inspired by FurryMUCK,
and done by Jim Groat, the creator of <i>Red
Shetland</i>.</TD><TD>Usually late Sunday, unless a Furry Convention
happens</TD></TR><TR><TD>What ever
USA</TD><TD>http://whateverusa.kee nspace.com/</TD><TD>A precocious
porcupine pup and his pals.</TD><TD>Sporadic </TD></TR><TR><TD>Wild
Angels</TD><TD>http://www.ottercomics .com/angels/</TD><TD>It'll put the
fur of God in you.</TD><TD>Irregula r (between two and seven times each
month)</TD></TR><TR><TD>Wyld fire</TD><TD>http://www.morgankeith studios.com/projects_wyldfi re.html</TD><TD>What
if the cat stuck up a tree <i>is</ithe fireman?</TD><TD>Archives
available</TD></TR></TABLE>
<br><h4 align="center"> This was a sample</h4>
</body>
</html>
>
Seems like a lot of hassle to go through when a Python function can
generate similar results without losing the safety of parameterized
queries (I do hope the SQL files the CGI is specifying were pre-defined,
and not something the user uploads <G>)
>
>
-=-=-=-=-=-=-=- script2.py
import MySQLdb
>
USERID = "BestiariaC P" #this account is a read-only, no password
DBNAME = "bestiaria" #used for CherryTemplate page generation
>
# lacking a CGI interface, I'm just going to put in a few assignments
queryfile = "script1.sq l"
title = "This is demonstrably nonsense"
>
cn = MySQLdb.connect (host="localhos t", user=USERID, db=DBNAME)
cr = cn.cursor()
>
# I don't know what header and start_html() do, so just a dummy here
print """
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>%s</title>
</head>
>
<body>
""" % title
>
qin = open(queryfile, "r")
query = " ".join(qin.read lines())
qin.close()
>
cr.execute(quer y) #no parameters assumed
>
# THE FOLLOWING BLOCK OF CODE COULD EASILY BE MADE A
# FUNCTION IN SOME HTML REPORTING MODULE AS IT IS NOT
# DEPENDENT UPON THE ACTUAL QUERY TO KNOW WHAT TO PRODUCE
>
print '<h3 align="center"> %s</h3>' % title
print '<table border="1">\n<t r>',
for fld in cr.description:
print "<th>%s</th>" % fld[0],
print "</tr>"
>
for rec in cr:
print "<tr>",
for fld in rec:
print "<td>%s</td>" % fld,
print "</tr>"
print "</table>"
>
# BACK TO ORIGINAL CONTENT
>
print '<br><h4 align="center"> This was a sample</h4>'
print "</body>\n</html>"
>
cr.close()
cn.close()
-=-=-=-=-=- USES SAME SQL FILE
-=-=-=-=-=-=- script2.html (excluded middle)
>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
<html>
<head>
<title>This is demonstrably nonsense</title>
</head>
>
<body>
>
<h3 align="center"> This is demonstrably nonsense</h3>
<table border="1">
<tr<th>name</th<th>URL</th<th>descripti on</th<th>occurs</th>
</tr>
<tr<td>A Doemain of Our Own</td<td>http://www.doemain.com/</td>
<td>The new family on the block.</td<td>Typically Friday, though some
Monday and Wednesday updates</td</tr>
<tr<td>Aford</td<td>http://www.afordturtle .com/</td<td>A turtle, a
snake, and a robin; and their life in the forest.</td<td>Daily</td>
</tr>
>
<tr<td>Virtua l Comix</td<td>http://comix.keenspace .com/</td>
<td>He's the insane rabbit next door.</td<td>No updates since March of
2003</td</tr>
<tr<td>West Corner of the Park</td>
<td>http://www.graphxpress .com/</td<td>Inspired by FurryMUCK, and done
by Jim Groat, the creator of <i>Red Shetland</i>.</td<td>Usually late
Sunday, unless a Furry Convention happens</td</tr>
<tr<td>Whatev er USA</td<td>http://whateverusa.kee nspace.com/</td>
<td>A precocious porcupine pup and his pals.</td<td>Sporadic</td>
</tr>
<tr<td>Wild Angels</td<td>http://www.ottercomics .com/angels/</td>
<td>It'll put the fur of God in you.</td<td>Irregular (between two and
seven times each month)</td</tr>
<tr<td>Wyldfire </td>
<td>http://www.morgankeith studios.com/projects_wyldfi re.html</td>
<td>What if the cat stuck up a tree <i>is</ithe fireman?</td>
<td>Archives available</td</tr>
</table>
<br><h4 align="center"> This was a sample</h4>
</body>
</html>
--
Wulfraed Dennis Lee Bieber KD6MOG
wlfraed@ix.netc om.com wulfraed@bestia ria.com

HTTP://wlfraed.home.netcom.com/

(Bestiaria Support Staff: web-asst@bestiaria. com)
HTTP://www.bestiaria.com/

**pmcgover@gmail.com** · Sep 25 '06, 11:15 AM

Re: Converting Perl Web Report to Python

Thanks again Dennis,
This should do what I want with additional flexibility... I will
develop the code later this week. During this excersize, I have come
to really appreciate Python over Perl. I love the Python command line
interpreter that allowed me to pretest any code very quickly. What
Python learning resource (book web link or both) do you recommend?
Pat

Dennis Lee Bieber wrote:

On 24 Sep 2006 14:05:29 -0700, "pmcgover@gmail .com" <pmcgover@gmail .com>
declaimed the following in comp.lang.pytho n:
>
>

download and install the required MySQLdb module. In any event, I
would like to know how to search and replace a given string in the sql
to a user supplied value before execution.

I would not even want to try to code that. I will mention that the
default mode for MySQLdb is to use %s as the substitution field, and
since both scripts used the same SQL file...
>

For example, lets say that your sql script looks like this:

-=-=-=-=-=-=-=-=-=- script1.sql

select name, URL, description, occurs
from comics
where URL like '%MyParam_1%' # Note that "MyParam_1" represents
a "catch" string.
order by name;

-=-=-=-=-=-=-=-=-=-

select name, URL, description, occurs
from comics
where URL like %s
order by name;
>
Then, on the cursor.execute( ) call:
>

cr.execute(quer y) #no parameters assumed

>
cr.execute(quer y, ("%" + MyParam_1 + "%",))
>
{MySQLdb /can/ work with a singleton for convenience, but the DB-API
emphasizes a tuple be passed, hence the (... ,) to create a tuple}
>
I'm presuming you do not require the "user" to enter the % wildcards
on search terms.
>
MySQLdb can also be fed with a dictionary (last time I looked, at
least) so something like:
>
select name, URL, description, occurs
from comics
where URL like %(MyParam_1)s or URL like %(MyParam_2)s
order by name;
>
and
>
params = {}
params["MyParam_1"] = "%" + somevariable + "%"
params["MyParam_2"] = "%" + anotherstring + "%"
cr.execute(quer y, params)
>
may be possible (I've never used this mode, so no confirmation).
--
Wulfraed Dennis Lee Bieber KD6MOG
wlfraed@ix.netc om.com wulfraed@bestia ria.com

HTTP://wlfraed.home.netcom.com/

(Bestiaria Support Staff: web-asst@bestiaria. com)
HTTP://www.bestiaria.com/

**metaperl** · Sep 25 '06, 12:45 PM

Re: Converting Perl Web Report to Python

pmcgover@gmail. com wrote:

Thanks again Dennis,
This should do what I want with additional flexibility... I will
develop the code later this week. During this excersize, I have come
to really appreciate Python over Perl. I love the Python command line
interpreter that allowed me to pretest any code very quickly. What
Python learning resource (book web link or both) do you recommend?

I have 3 O'Reilly books that are indispensable: "Python Pocket
Reference", "Python Cookbook", and "Learning Python"

Converting Perl Web Report to Python

Converting Perl Web Report to Python

Comment

Comment

Comment

Comment