Negatives...

imageschool arithmetic course we all know that two negatives make a positive. Your humble servant all my life I was sure of this seemingly unshakable axiom. But recently, an event occurred that changed the world, and forced to watch the new look at familiar things.

In the process of developing administrative tools for club drunk needed to function anulowania all the results of specific games. It would seem that can be easier. Change the status of the game rolled back denormalization data with statistics of players, invalidiem operational caches that affect these data, and the trick is done. But bundles PostgreSQL and psycopg2 on this account was his own opinion that does not coincide with ideas of editorial.



Simplified the problematic query looked like this:

the cursor.execute("update pref_player set games=games-1, rating=rating-%s where player_id=%s", (rating, player_id))

That is, we have decremented the total number of games and anullirovat players scored in this game. The query is parameterized. Screened regular means psycopg2. There seems to be just a place to make a mistake. But really, when negative value rating, this query would turn into:

update pref_player set games=games-1, rating=rating

That is, there is an EXPLOSION, the BASE BREAKS IN the INTESTINE, and further in the text. In other words, a happily received two consecutive minus like a comment, and beat the data into the cabbage. And the driver psycopg2 all this joy missed without a cry. Though, probably, could determine that the request is the review and the number of screened parameters is not true.

This can be treated quite simply. Enough is rating=rating-%s say for example rating=rating-(%s) and everything is working as it should, But the fact of unconditional trust for processing parameterized queries of the database drivers need to be questioned.

Watch yourself, be careful and may the force be with you.
Article based on information from habrahabr.ru

Comments

Post a Comment

Popular posts from this blog

Powershell and Cyrillic in the console (updated)

Image
In the development process is very often necessary to run a powershell script from a console application. What could be easier? the #test.ps1 & $PSScriptRoot\ConsoleApp.exe Examine the behavior of console applications when running them from the command line, using PowerShell and using PowerShell ISE: execution Result In PowerShell ISE, there is a problem with encoding, as the ISE expects the output to the encoding 1251. Use Google and find two problem solving: c use [Console]::OutputEncoding and through the powershell pipeline. Let's use the first solution: test2.ps1 $ErrorActionPreference = "Stop" function RunConsole($scriptBlock) { $encoding = [Console]::OutputEncoding [Console]::OutputEncoding = [System.Text.Encoding]::GetEncoding("cp866") try { &$scriptBlock } finally { [Console]::OutputEncoding = $encoding } } RunConsole { & $PSScriptRoot\ConsoleApp1.exe } execution Result At the command prompt, all is well, bu
Read more

Active/Passive PostgreSQL Cluster, using Pacemaker, Corosync

Image
Description This article describes an example of configuring Active/Passive PostgreSQL cluster, using Pacemaker, Corosync. As the disk subsystem is considered the drive from the system data storage (CSV). Similar to the Windows Failover Cluster from Microsoft. Technical details: OS Version — CentOS 7.1 Version package pacemaker — 1.1.13-10 Package version pcs — 0.9.143 PostgreSQL — 9.4.6 As servers(2pcs) — iron server 2*12 CPU/ memory 94GB As a CSV(Cluster Shared Volume) — an array of class Mid-Range Hitachi RAID 1+0 Preparation of cluster nodes Rule /etc/hosts on both hosts and make the visibility of hosts to each other by short names, for example: the [root@node1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.1.66.23 node1.local.lan node1 10.1.66.24 node2.local.lan node2 Also make exchange between servers using SSH keys and
Read more

Automatic deployment ElasticBeanstalk using Bitbucket Pipelines

Image
bitbucket is a service ( Bitbucket Pipelines), which among other things allows extremely simple to automate the deployment of applications in the Amazon cloud, in particular using ElasticBeanstallk. To whom interesting, I ask under kat. the Prerequirements You should already be created ElasticBeanstalk application and deployed environments (in order to do this, refer to the official AWS documentation for, so, for example, unfolds Django ). Since the service is still undergoing testing, you need to request access to it here . the project setup Let's say we have two branches, master and we want to deplot on production environment and development — development environment. Create in the root of the project file bitbucket-pipelines.yml with the following content: the image: python:2.7.11 pipelines: branches: master: - step: script: - apt-get update # to install required zip - apt-get install -y zip # required for packaging up the application - pip install b
Read more