Add an item; better crediting; fix error in SQL example; minor edits

This commit is contained in:
Andrew M. Kuchling 2006-04-14 20:35:17 +00:00
parent 8ed29143fc
commit 29b3d08604
1 changed files with 29 additions and 32 deletions

@ -2,10 +2,10 @@
\usepackage{distutils} \usepackage{distutils}
% $Id$ % $Id$
% Fix XXX comments % Writing context managers
% The easy_install stuff % The easy_install stuff
% Stateful codec changes % Stateful codec changes
% cProfile % Fix XXX comments
% Count up the patches and bugs % Count up the patches and bugs
\title{What's New in Python 2.5} \title{What's New in Python 2.5}
@ -1400,7 +1400,8 @@ Please read the package's official documentation for more details.
%====================================================================== %======================================================================
\subsection{The hashlib package} \subsection{The hashlib package}
A new \module{hashlib} module has been added to replace the A new \module{hashlib} module, written by Gregory P. Smith,
has been added to replace the
\module{md5} and \module{sha} modules. \module{hashlib} adds support \module{md5} and \module{sha} modules. \module{hashlib} adds support
for additional secure hashes (SHA-224, SHA-256, SHA-384, and SHA-512). for additional secure hashes (SHA-224, SHA-256, SHA-384, and SHA-512).
When available, the module uses OpenSSL for fast platform optimized When available, the module uses OpenSSL for fast platform optimized
@ -1443,26 +1444,25 @@ current digest state, \method{digest()} and \method{hexdigest()}
return the digest value as a binary string or a string of hex digits, return the digest value as a binary string or a string of hex digits,
and \method{copy()} returns a new hashing object with the same digest state. and \method{copy()} returns a new hashing object with the same digest state.
This module was contributed by Gregory P. Smith.
%====================================================================== %======================================================================
\subsection{The sqlite3 package} \subsection{The sqlite3 package}
The pysqlite module (\url{http://www.pysqlite.org}), a wrapper for the The pysqlite module (\url{http://www.pysqlite.org}), a wrapper for the
SQLite embedded database, has been added to the standard library under SQLite embedded database, has been added to the standard library under
the package name \module{sqlite3}. SQLite is a C library that the package name \module{sqlite3}.
provides a SQL-language database that stores data in disk files
without requiring a separate server process. pysqlite was written by SQLite is a C library that provides a SQL-language database that
Gerhard H\"aring, and provides a SQL interface that complies with the stores data in disk files without requiring a separate server process.
DB-API 2.0 specification described by \pep{249}. This means that it pysqlite was written by Gerhard H\"aring and provides a SQL interface
should be possible to write the first version of your applications compliant with the DB-API 2.0 specification described by
using SQLite for data storage and, if switching to a larger database \pep{249}. This means that it should be possible to write the first
such as PostgreSQL or Oracle is necessary, the switch should be version of your applications using SQLite for data storage. If
relatively easy. switching to a larger database such as PostgreSQL or Oracle is
later necessary, the switch should be relatively easy.
If you're compiling the Python source yourself, note that the source If you're compiling the Python source yourself, note that the source
tree doesn't include the SQLite code itself, only the wrapper module. tree doesn't include the SQLite code, only the wrapper module.
You'll need to have the SQLite libraries and headers installed before You'll need to have the SQLite libraries and headers installed before
compiling Python, and the build process will compile the module when compiling Python, and the build process will compile the module when
the necessary headers are available. the necessary headers are available.
@ -1494,14 +1494,15 @@ c.execute("""insert into stocks
values ('2006-01-05','BUY','RHAT',100,35.14)""") values ('2006-01-05','BUY','RHAT',100,35.14)""")
\end{verbatim} \end{verbatim}
Usually your SQL queries will need to reflect the value of Python Usually your SQL operations will need to use values from Python
variables. You shouldn't assemble your query using Python's string variables. You shouldn't assemble your query using Python's string
operations because doing so is insecure; it makes your program operations because doing so is insecure; it makes your program
vulnerable to what's called an SQL injection attack. Instead, use vulnerable to an SQL injection attack.
SQLite's parameter substitution, putting \samp{?} as a placeholder
wherever you want to use a value, and then provide a tuple of values Instead, use SQLite's parameter substitution. Put \samp{?} as a
as the second argument to the cursor's \method{execute()} method. For placeholder wherever you want to use a value, and then provide a tuple
example: of values as the second argument to the cursor's \method{execute()}
method. For example:
\begin{verbatim} \begin{verbatim}
# Never do this -- insecure! # Never do this -- insecure!
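Review bot: The reworded opening sentence now says "SQL operations", but the following sentence still says "assemble your query using Python's string operations", so the paragraph mixes the two terms and repeats "operations" in two senses. Suggest "assemble your SQL statement using Python's string formatting" or similar, so the warning plainly covers INSERT and UPDATE as well as SELECT.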
@ -1510,7 +1511,7 @@ c.execute("... where symbol = '%s'" % symbol)
# Do this instead # Do this instead
t = (symbol,) t = (symbol,)
c.execute("... where symbol = '?'", t) c.execute('select * from stocks where symbol=?', ('IBM',))
# Larger example # Larger example
for t in (('2006-03-28', 'BUY', 'IBM', 1000, 45.00), for t in (('2006-03-28', 'BUY', 'IBM', 1000, 45.00),
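Review bot: In the "Do this instead" example, the new execute() line passes the literal ('IBM',) and leaves the `t = (symbol,)` assignment just above it unused, so the secure form no longer mirrors the insecure one, which interpolates `symbol`. Removing the quotes around ? is the right fix, since a quoted '?' is a string literal rather than a placeholder. Consider `c.execute('select * from stocks where symbol=?', t)` so the reader sees the same variable go through parameter substitution.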
@ -1540,15 +1541,6 @@ This example uses the iterator form:
>>> >>>
\end{verbatim} \end{verbatim}
You should also use parameter substitution with SELECT statements:
\begin{verbatim}
>>> c.execute('select * from stocks where symbol=?', ('IBM',))
>>> print c.fetchall()
[(u'2006-03-28', u'BUY', u'IBM', 1000, 45.0),
(u'2006-04-06', u'SELL', u'IBM', 500, 53.0)]
\end{verbatim}
For more information about the SQL dialect supported by SQLite, see For more information about the SQL dialect supported by SQLite, see
\url{http://www.sqlite.org}. \url{http://www.sqlite.org}.
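Review bot: Removing this SELECT block drops the one place in these hunks that shows fetchall() output from a parameterized query. The SELECT that was moved into the earlier verbatim block sits before the "Larger example" inserts, and its result is never fetched there. Consider keeping a short fetch after the inserts so the section still shows the parameterized query returning the IBM rows.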
@ -1625,6 +1617,7 @@ AST sprints at conferences such as PyCon.
new set, \cfunction{PySet_Add()} and \cfunction{PySet_Discard()} to new set, \cfunction{PySet_Add()} and \cfunction{PySet_Discard()} to
add and remove elements, and \cfunction{PySet_Contains} and add and remove elements, and \cfunction{PySet_Contains} and
\cfunction{PySet_Size} to examine the set's state. \cfunction{PySet_Size} to examine the set's state.
(Contributed by Raymond Hettinger.)
\item C code can now obtain information about the exact revision \item C code can now obtain information about the exact revision
of the Python interpreter by calling the of the Python interpreter by calling the
@ -1633,6 +1626,10 @@ string of build information like this:
\code{"trunk:45355:45356M, Apr 13 2006, 07:42:19"}. \code{"trunk:45355:45356M, Apr 13 2006, 07:42:19"}.
(Contributed by Barry Warsaw.) (Contributed by Barry Warsaw.)
\item The CPython interpreter is still written in C, but
the code can now be compiled with a {\Cpp} compiler without errors.
(Implemented by Anthony Baxter, Martin von~L\"owis, Skip Montanaro.)
\item The \cfunction{PyRange_New()} function was removed. It was \item The \cfunction{PyRange_New()} function was removed. It was
never documented, never used in the core code, and had dangerously lax never documented, never used in the core code, and had dangerously lax
error checking. error checking.
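Review bot: The credit line on the new C++ item, "(Implemented by Anthony Baxter, Martin von~L\"owis, Skip Montanaro.)", lists three names without a conjunction and uses "Implemented by" where the neighbouring items use "Contributed by". Suggest "(Contributed by Anthony Baxter, Martin von~L\"owis, and Skip Montanaro.)" for consistency with the other entries.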