I need to replicate the below function in Python. I included the working PHP code and need help on the Python side as I'm now totally lost.
A RFID card is read and tag transferred to Python over serial. This portion of the code works. WHat I am having trouble with is inserting this string of information as the string of information to be looked up in mySQL
<?php
require 'database.php';
$UIDresult=$_POST["UIDresult"];
$Write="<?php $" . "UIDresult='" . $UIDresult . "'; " . "echo $" . "UIDresult;" . "?>";
file_put_contents('UIDContainer.php',$Write);
$pdo = Database::connect();
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM table_mkaccess where id = ?";
$q = $pdo->prepare($sql);
$q->execute(array($UIDresult));
$data = $q->fetch(PDO::FETCH_ASSOC);
Database::disconnect();
$msg = null;
if (null==$data['name']) {
$msg = "0";
$data['id']=$UIDresult;
} else {
$msg = "1";
}
echo $msg;
?>
Python Code I have tried so far, what am I missing.
import serial
import mysql.connector
rfid = serial.Serial(port = "/dev/ttyUSB0", baudrate=9600)
while True:
if (rfid.in_waiting > 0):
UID = rfid.readline()
UID = UID.decode('Ascii')
mydb = mysql.connector.connect(
host = "localhost",
user = "****",
password = "****",
database = "****")
mycursor = mydb.cursor(buffered=True)
sql = "SELECT * FROM table_mkaccess WHERE id = '%s'"
mycursor.execute(sql,(UIDresult,))
data = mycursor.fetchall()
if data ==0:
print('0')
else:
print('1')
UPDATE:
Now receiving the following error
Traceback (most recent call last): File "/home/base/testing3.py",
line 17, in
mycursor.execute(sql,(UIDresult,))
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '47D0D393\r\n'''
at line 1
A few changes:
UID = UID.rstrip() to get rid of the trailing white space (carriage return and newline characters, unless you actually want those characters stored in the database)
sql = "SELECT * FROM table_mkaccess WHERE id = %s" (For prepared statements, you do not want quotes around the %s placeholder. If the supplied actual value is a string, the SQL driver will do "the right thing" with the value.)
mycursor.execute(sql, (UID,)) (Use the correct variable)
You have to add the UID to the query polacholder
mycursor = mydb.cursor(buffered=True)
sql = "SELECT * FROM table_mkaccess WHERE id = %s"
mycursor.execute(sql,(UID,))
data = mycursor.fetchall()
Related
import pymysql
from datetime import datetime
db = pymysql.connect(host = "localhost", user = "root", password = "mariadb", charset = "utf8");
cursor = db.cursor();
nm = 'park dong ju'
temp = 36.5
n_route = '->podium',
if nm != "" and temp != 0:
cursor.execute("USE SD;")
select_name ="SELECT name FROM PI WHERE name = '%s'"
select_route = "SELECT route FROM PI WHERE name = '%s'"
cursor.execute(select_name,(nm,))
PI_name = cursor.fetchone()
cursor.execute(select_route,(nm,))
PI_route = cursor.fetchone()
db.commit()
str_route = str(PI_route)
route = str_route + n_route
current_time = datetime.now()
insert_er = "INSERT INTO ER(name,temp,route,time) VALUES('%s',%.2f,'%s','%s')"
cursor.execute(insert_er,(nm,tmep,route,current_time))
name = ""
temp = 0
db.commit()
db.close()
this is my code
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'park_dong_ju''' at line 1")
this is error about code
When you use MySql placeholders, you don´t need to format them and don´t need tu use quotation marks. The MySql cursor will try to convert your data types. You can change your query as:
insert_er = "INSERT INTO ER(name,temp,route,time) VALUES(%s,%s,%s,%s)"
cursor.execute(insert_er,(nm,tmep,route,current_time))
And you can modify your first queries too, and remove your quotation marks:
select_name ="SELECT name FROM PI WHERE name = %s"
select_route = "SELECT route FROM PI WHERE name = %s"
cursor.execute(select_name,(nm,))
PI_name = cursor.fetchone()
cursor.execute(select_route,(nm,))
I am trying to retrieve data from MySQL. Unfortunately, I am getting the error s below:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server
version fo r the right syntax to use near '1=,-5000,1)) AND
(IF(3=,5000,3)))at line 1")
volumeMin and volumeMax I put as integer. In actual, it can be float. How can I fix the error?
import MySQLdb
import MySQLdb.cursors
db = MySQLdb.connect(host='xxx.mysql.pythonanywhere-services.com',user='xxx',passwd='xxx',db='xxx$default',cursorclass=MySQLdb.cursors.DictCursor)
curs = db.cursor()
name ='G%'
volumeMin = 1
volumeMax = 3
#request args was initially want to retrieve data from external app
#but eventually found that the problem is in MySQL request
"""name = request.args['name']
volumeMin = request.args['volumeMin']
volumeMax = request.args['volumeMax']
"""
query0 = "SELECT * FROM KLSE WHERE Stock LIKE %s AND "
query2 = "(Volume_changes_pc BETWEEN (IF %s='_',-5000,%s)) AND (IF(%s='_',5000,%s)))"
query = query0+query2
input = name,volumeMin,volumeMin,volumeMax,volumeMax
print query
print input
print (query,(input))
curs.execute(query,(input))
a = curs.fetchall()
output of print (query,(input))
('SELECT * FROM KLSE WHERE Stock LIKE %s AND (Volume_changes_pc BETWEEN (IF %s=_,-5000,%s)) AND (IF(%s=_,5000,%s))) AND MACD LIKE %s ', ('G%', 1, 1
, 3, 3, 'H'))
solved
query2 = "(Volume_changes_pc BETWEEN (IF (%s='_',-5000,%s)) AND (IF(%s='_',5000,%s)))"
miss out a bracket
I am trying to access SQL server 2008 R2 from Eclipse pydev ( python 3.2 ) on win7 .
I need to create a table on database.
The code can be run well. But, I cannot create tables in the database.
If I print the sql string and run the query from SQL server management studio, no problems.
import pyodbc
sql_strc = " IF OBJECT_ID(\'[my_db].[dbo].[my_table]\') IS NOT NULL \n"
sql_strc1 = " DROP TABLE [my_db].[dbo].[my_table] \n"
sql_stra = " CREATE TABLE [my_db].[dbo].[my_table] \n"
sql_stra1 = "(\n"
sql_stra1a = " person_id INT NOT NULL PRIMARY KEY, \n"
sql_stra1b = " value float NULL, \n"
sql_stra1r = "); \n"
sql_str_create_table = sql_strc + sql_strc1 + sql_stra + sql_stra1 + sql_stra1a + sql_stra1b + sql_stra1r
# create table
sql_str_connect_db = "DRIVER={SQL server};SERVER={my_db};DATABASE={my_table};UID=my_id; PWD=my_password"
cnxn = pyodbc.connect(sql_str_connect_db)
cursor = cnxn.cursor()
cursor.execute( sql_str_create_table)
Any help would be appreciated.
Thanks
Autocommit is off by default, add the following to commit your change:
cnxn.commit()
Some unsolicited advice for making your code more readable:
Remove unnecessary escape characters from SQL strings
Use triple-quote (""") syntax when defining multiline strings. Newline characters are preserved and don't need to be explicitly added.
Use keywords in the connect function call (this is trivial, but I think it makes formatting easier)
With these changes, your final code looks something like:
import pyodbc
sql = """
IF OBJECT_ID('[my_db].[dbo].[my_table]') IS NOT NULL
DROP TABLE [my_db].[dbo].[my_table]
CREATE TABLE [my_db].[dbo].[my_table]
(
person_id INT NOT NULL PRIMARY KEY,
value FLOAT NULL
)
"""
cnxn = pyodbc.connect(driver='{SQL Server}', server='server_name',
database='database_name', uid='uid', pwd='pwd')
cursor = cnxn.cursor()
# create table
cursor = cursor.execute(sql)
cnxn.commit()
I am using python to insert a string into MySQL with special characters.
The string to insert looks like so:
macaddress_eth0;00:1E:68:C6:09:A0;macaddress_eth1;00:1E:68:C6:09:A1
Here is the SQL:
UPGRADE inventory_server
set server_mac = macaddress\_eth0\;00\:1E\:68\:C6\:09\:A0\;macaddress\_eth1\;00\:1E\:68\:C6\:09\:A1'
where server_name = 'myhost.fqdn.com
When I execute the update, I get this error:
ERROR 1064 (42000):
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'UPGRADE inventory_server
set server_mac = 'macaddress\_eth0\;00\:1E\:68\:C6\:09\' at line 1
The python code:
sql = 'UPGRADE inventory_server set server_mac = \'%s\' where server_name = \'%s\'' % (str(mydb.escape_string(macs)),host)
print sql
try:
con = mydb.connect(DBHOST,DBUSER,DBPASS,DB);
with con:
cur = con.cursor(mydb.cursors.DictCursor)
cur.execute(sql)
con.commit()
except:
return False
How can I insert this text raw?
This is one of the reasons you're supposed to use parameter binding instead of formatting the parameters in Python.
Just do this:
sql = 'UPGRADE inventory_server set server_mac = %s where server_name = %s'
Then:
cur.execute(sql, macs, host)
That way, you can just deal with the string as a string, and let the MySQL library figure out how to quote and escape it for you.
On top of that, you generally get better performance (because MySQL can compile and cache one query and reuse it for different parameter values) and avoid SQL injection attacks (one of the most common ways to get yourself hacked).
Welcome to the world of string encoding formats!
tl;dr - The preferred method for handling quotes and escape characters when storing data in MySQL columns is to use parameterized queries and let the MySQLDatabase driver handle it. Alternatively, you can escape quotes and slashes by doubling them up prior to insertion.
Full example at bottom of link
standard SQL update
# as_json must have escape slashes and quotes doubled
query = """\
UPDATE json_sandbox
SET data = '{}'
WHERE id = 1;
""".format(as_json)
with DBConn(*client.conn_args) as c:
c.cursor.execute(query)
c.connection.commit()
parameterized SQL update
# SQL Driver will do the escaping for you
query = """\
UPDATE json_sandbox
SET data = %s
WHERE id = %s;
"""
with DBConn(*client.conn_args) as c:
c.cursor.execute(query, (as_json, 1))
c.connection.commit()
Invalid JSON SQL
{
"abc": 123,
"quotes": "ain't it great",
"multiLine1": "hello\nworld",
"multiLine3": "hello\r\nuniverse\r\n"
}
Valid JSON SQL
{
"abc": 123,
"quotes": "ain''t it great",
"multiLine1": "hello\\nworld",
"multiLine3": "hello\\r\\nuniverse\\r\\n"
}
Python transform:
# must escape the escape characters, so each slash is doubled
# Some MySQL Python libraries also have an escape() or escape_string() method.
as_json = json.dumps(payload) \
.replace("'", "''") \
.replace('\\', '\\\\')
Full example
import json
import yaml
from DataAccessLayer.mysql_va import get_sql_client, DBConn
client = get_sql_client()
def encode_and_store(payload):
as_json = json.dumps(payload) \
.replace("'", "''") \
.replace('\\', '\\\\')
query = """\
UPDATE json_sandbox
SET data = '{}'
WHERE id = 1;
""".format(as_json)
with DBConn(*client.conn_args) as c:
c.cursor.execute(query)
c.connection.commit()
return
def encode_and_store_2(payload):
as_json = json.dumps(payload)
query = """\
UPDATE json_sandbox
SET data = %s
WHERE id = %s;
"""
with DBConn(*client.conn_args) as c:
c.cursor.execute(query, (as_json, 1))
c.connection.commit()
return
def retrieve_and_decode():
query = """
SELECT * FROM json_sandbox
WHERE id = 1
"""
with DBConn(*client.conn_args) as cnx:
cursor = cnx.dict_cursor
cursor.execute(query)
rows = cursor.fetchall()
as_json = rows[0].get('data')
payload = yaml.safe_load(as_json)
return payload
if __name__ == '__main__':
payload = {
"abc": 123,
"quotes": "ain't it great",
"multiLine1": "hello\nworld",
"multiLine2": """
hello
world
""",
"multiLine3": "hello\r\nuniverse\r\n"
}
encode_and_store(payload)
output_a = retrieve_and_decode()
encode_and_store_2(payload)
output_b = retrieve_and_decode()
print("original: {}".format(payload))
print("method_a: {}".format(output_a))
print("method_b: {}".format(output_b))
print('')
print(output_a['multiLine1'])
print('')
print(output_b['multiLine2'])
print('\nAll Equal?: {}'.format(payload == output_a == output_b))
Python example how to insert raw text:
Create a table in MySQL:
create table penguins(id int primary key auto_increment, msg VARCHAR(4000))
Python code:
#!/usr/bin/env python
import sqlalchemy
from sqlalchemy import text
engine = sqlalchemy.create_engine(
"mysql+mysqlconnector://yourusername:yourpassword#yourhostname.com/your_database")
db = engine.connect()
weird_string = "~!##$%^&*()_+`1234567890-={}|[]\;':\""
sql = text('INSERT INTO penguins (msg) VALUES (:msg)')
insert = db.execute(sql, msg=weird_string)
db.close()
Run it, examine output:
select * from penguins
1 ~!##$%^&*()_+`1234567890-={}|[]\;\':"
None of those characters were interpreted on insert.
Although I also think parameter binding should be used, there is also this:
>>> import MySQLdb
>>> example = r"""I don't like "special" chars ¯\_(ツ)_/¯"""
>>> example
'I don\'t like "special" chars \xc2\xaf\\_(\xe3\x83\x84)_/\xc2\xaf'
>>> MySQLdb.escape_string(example)
'I don\\\'t like \\"special\\" chars \xc2\xaf\\\\_(\xe3\x83\x84)_/\xc2\xaf'
I am trying to update an entry in a table usinig Python cx_oracle. The column is named "template" and it has a data type of CLOB.
This is my code:
dsn = cx_Oracle.makedsn(hostname, port, sid)
orcl = cx_Oracle.connect(username + '/' + password + '#' + dsn)
curs = orcl.cursor()
sql = "update mytable set template='" + template + "' where id='6';"
curs.execute(sql)
orcl.close()
When I do this, I get an error saying the string literal too long. The template variable contains about 26000 characters. How do I solve this?
Edit:
I found this: http://osdir.com/ml/python.db.cx-oracle/2005-04/msg00003.html
So I tried this:
curs.setinputsizes(value = cx_Oracle.CLOB)
sql = "update mytable set template='values(:value)' where id='6';"
curs.execute(sql, value = template)
and I get a "ORA-01036: illegal variable name/number error"
Edit2:
So this is my code now:
curs.setinputsizes(template = cx_Oracle.CLOB)
sql = "update mytable set template= :template where id='6';"
print sql, template
curs.execute(sql, template=template)
I get an ORA-00911: invalid character error now.
Inserting values in sql statements is a very bad practice. You should use parameters instead:
dsn = cx_Oracle.makedsn(hostname, port, sid)
orcl = cx_Oracle.connect(username + '/' + password + '#' + dsn)
curs = orcl.cursor()
curs.setinputsizes(template = cx_Oracle.CLOB)
sql = "update mytable set template= :template where id='6'"
curs.execute(sql, template=template)
orcl.close()
Use IronPython
import sys
sys.path.append(r"...\Oracle\odp.net.11g.64bit")
import clr
clr.AddReference("Oracle.DataAccess")
from Oracle.DataAccess.Client import OracleConnection, OracleCommand, OracleDataAdapter
connection = OracleConnection('userid=user;password=hello;datasource=database_1')
connection.Open()
command = OracleCommand()
command.Connection = connection
command.CommandText = "SQL goes here"
command.ExecuteNonQuery()
Change your table definition. A varchar2 field can store up to 32767 bytes; so, if you're using an 8-bit encoding, you have a bit of room left to play with before resorting to LOBs.