create a database or connect to one#
conn = sqlite3.connect('address_book.db')
# Create cursor#
c = conn.cursor()
# Insert Into Table#
SQL = "INSERT INTO address_book(;bookID,BookName,MemberID,MemberName,Issue,Return) VALUES (?,?,?,?,?,?)"
c.execute(SQL)
# Commit Changes#
conn.commit()
I am trying to write a function that allows me to insert stuff into my database but it brings up sqlite3.OperationalError: near ";": syntax error and i dont know why.
Related
I'm fairly new to databases/python and i've read that you're supposed to use prepared statements instead of string formatting
I had
conn = mysql.connector.connect(user=user, password=pw, host=host, database=db)
cursor = conn.cursor(prepared=True)
cursor.execute(f"DESCRIBE {table_name}")
fetch = cursor.fetchall()
table_columns = [col[0] for col in fetch]
where table_name was the name of my sql table. I'm attampting to change it to the code below
# Get the names of all the columns in the mySQL table
statement = "DESCRIBE %s"
cursor.execute(statement, (table_name,))
fetch = cursor.fetchall()
table_columns = [col[0] for col in fetch]
but I keep getting the following error:
mysql.connector.errors.InterfaceError: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
I have a following query:
cursor = connection.cursor()
query = """
SELECT *
FROM `my_database`.table_a
"""
result = cursor.execute(query)
which works as expected. But I need to change my_database in cursor.execute. I try:
cursor = connection.cursor()
query = """
SELECT *
FROM %s.table_a
"""
result = cursor.execute(query, ("my_database",))
which gives an error pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''my_database'.table_a at line 2")
how can I insert database name in cursor.execute please?
It is not possible to bind a database name (or any other database object name) using a placeholder in a prepared statement. This would be, among other problems, a security risk. However, you might be able to use an f-string here instead:
cursor = connection.cursor()
db_name = "my_database"
query = f"""
SELECT *
FROM {db_name}.table_a
"""
result = cursor.execute(query)
It should also be mentioned that the above is only SQL injection safe if you are certain that the database name is not coming from outside your own application.
I wrote a Python function to modify the data and information entered in the database
def update(self):
con = pymysql.connect(
host = 'localhost',
user = 'root',
password = '',
database = 'employ')
cur = con.cursor()
cur.execute("update employees set family_members=%s, social_status=%s, gender=%s, date_birth=%s, id_number=%s, mail=%s, name=%s where id=%s",(
self.family_members_var.get(),
self.social_status_var.get(),
self.gender_var.get(),
self.date_birth_var.get(),
self.id_number_var.get(),
self.mail_var.get(),
self.name_var.get(),
self.id_var.get()
))
con.commit()
self.fetch_all()
self.clear()
con.close()
I got the following error:
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1")
I am trying to drop/delete a table from within Google Cloud SQL using Python (App Engine) but I want the table name to be based on a variable, for simplicity I am using 'hello' here. For some reason it is throwing back an error at me: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-IN' at line 1"
I tried the following:
tabNameShort = 'hello'
cursor = conn.cursor()
cursor.execute('DROP TABLE IF EXISTS %s', (tabNameShort))
conn.commit()
I also tried:
tabNameShort = 'hello'
cursor = conn.cursor()
cursor.execute('DROP TABLE IF EXISTS ' + tabNameShort)
conn.commit()
Any suggestions?
try this:
tabNameShort = 'hello'
cursor = conn.cursor()
cursor.execute('DROP TABLE IF EXISTS `%s`' % tabNameShort)
conn.commit()
A warning: appending the table name directly using '+' can result in an SQL injection vulnerability, if the table name is derived, directly or indirectly, from user input.
i am trying to send two SQL ( select and update) in one python file. but getting still error
cursor = cnx.cursor()
query = "select id, mail from `candidats`; UPDATE candidats SET statusmail=1 "
results = cursor.execute(query, multi=True)
for cur in results:
print('cursor:', cur)
print('result:', cur.fetchall())
cursor.close()
cnx.close()
getting this error:
mysql.connector.errors.InterfaceError: No result set to fetch from