I want to send a hashed data to the database.thats my data:
0MPA00JQ'Q:0TGF6T?>TE)pRc1.kA<<\I<b3#ZaR<BXq].k#1A6mm"`>:s_c<+RjO:,Y$i2`Y;E
But because the data has a lot of symbols, I encounter the following error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near
'0MPA00JQ'Q:0TGF6T?>TE)pRc1.kA<<\I<b3#ZaR<BXq].k#1A6mm">:s_c<+RjO:,Y$i2Y;E"",
"' at line 1
I tried many methods but none of them worked with the same error! Methods I used:
sql = """INSERT INTO {}(disc, data) VALUES (""{}"", ""{}"")""".format(tb,hash_for_data(disc),hash_for_data(data))
sql = """INSERT INTO %s(disc, data) VALUES (""%s"", ""%s"")""" % (TABLE, HASHED_DATA_1, HASHED_DATA_2)
And a few other methods
The only way it worked was to finally hash the hash data:
base64.b16encode(HASHED DATA)
In this way the output is equal to the digit without the symbol
Related
I'm resorting to overflow as a last ditch effort. I have been facing this bug for an incredibly long time and I have had no luck. I will try anything.
My sql command is
update_query = """
UPDATE users_data
SET stocks = """+str(stock)+"""
WHERE id = """+str(userid)
cursor = connection.cursor(buffered=True)
cursor.execute(update_query)
connection.commit()
context:
the variable stock is a list before I use str() on it.
userid is an int before I use str() on it.
the column stocks has a datatype of mediumtext
the column id has a datatype of text
the error I receive is
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '['gme', '1']
WHERE id = 407081272293326858' at line 2
Please help
I am trying to execute this query in SQL using MySQL and python
The SQL
SET SQL_SAFE_UPDATES=0;
UPDATE temporder SET quantity=quantity+1 WHERE mealname=("Chicken Chow Mein")
My Python/MySQL implementation
setSQL="""SET SQL_SAFE_UPDATES = 0;"""
mycursor.execute(setSQL)
mydb.commit()
updateQuantitySQL="""UPDATE temporder SET quantity=quantity+1 WHERE mealname=%s"""
mycursor.execute(updateQuantitySQL,(selectedItemData[0]))
Resulting Error
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s' at line 1
I have isolated the error down to the line:
updateQuantitySQL="""UPDATE temporder SET quantity=quantity+1 WHERE mealname=%s"""
But when I execute the SQL in the Workbench it works correctly, (however SQL_SAFE_UPDATES must be set to 0)
Any help appreciated.
I'm trying to insert data into a sequel table using variables. The following statement is the one causing errors:
cursor.execute("INSERT INTO %s (avg_time,max_time) VALUES (%s,%s)", (SOURCE, reav, remax))
The error is:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near ''USA' (avg_time,max_time)
VALUES ('6.997','7.071')' at line 1")
Anyone know where I've gone wrong?
Change this:
cursor.execute("INSERT INTO %s (avg_time,max_time) VALUES (%s,%s)", (SOURCE, reav, remax))
To this:
cursor.execute("INSERT INTO %s (avg_time,max_time) VALUES (%%s,%%s)" % SOURCE, (reav, remax))
Found here
Although this would seem to be prone to SQL injection with the table name given it's using string formatting.
I am trying to pass a query through my script, but i get a SQL error.
Running the same sql statement in Heidisql works fine.
My question is:
- What am I doing wrong?
error message
_mysql.connection.query(self, query)
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'Gabrielsen)' at line 1")
Python script where Database is the correct connection to database
F="Gunnar Gabrielsen"
Database.query('INSERT INTO documents (name) values (' + F + ');')
i=Database.query('SELECT * from documents;')
print(i)
Python version:Python 3.4
Module:Mysqldb
DB:MariaDB
You haven't put quotes around your value.
But you should never do it this way anyway. Quite apart from the quoting problem, you are opening yourself to sql injection attacks.
Use a parametrised query instead:
cursor.execute('INSERT INTO documents (name) values (%s)', (F,))
You have generated this:
INSERT INTO documents (name) values (Gunnar Gabrielsen);
What you need is
INSERT INTO documents (name) values ("Gunnar Gabrielsen");
But, without escaping or parameterizing, you are opening your code (and system) up to "sql injection" and other hacking.
I tried to make a python command to update mysql on key duplicate
sql.run("INSERT INTO snapshots (id,username,data) VALUES ('%s','%s','%s') ON DUPLICATE KEY UPDATE data = VALUES(%s)" % (id,user.name,json.dumps(data),json.dumps(data)))
It works on data insert but on key duplicate, it throws this error
/usr/local/lib/python2.7/dist-packages/memsql/common/database.py at 166 > (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'{"achievements": {"150": 1448983913.491705, "200": 1448984742.809708, "204": 144\' at line 1')
I have tried KEY UPDATE data = '%s', KEY UPDATE data = VALUES(%s) and KEY UPDATE data = VALUES('%s') but none of them works.
What exactly did I do wrong here?
The root cause of the error is json-dumped string with not escaped " characters, caused by direct substituting the data into the query.
As #mgilson said, use cursor.execute() method and database driver will take care of escaping.