1064 error while operating MySQL database with Python - python

I want to write a program in Python to control MySQL database, but the following error occurs
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; chec
k the manual that corresponds to your MySQL server version for the right syntax
to use near 'Code,type, number,Whether )VALUES ('cl8k-k520-fg45-d4sa-sd9k','n' at line 1")
Codeļ¼š
import pymysql
db = pymysql.connect("localhost", "root", "root", "test")
cursor = db.cursor()
sql = "INSERT INTO BOOKS(Activation Code, \
type, number,Whether ) \
VALUES (%s,%s,%s,%s)"
data = [("cl8k-k520-fg45-d4sa-sd9k",'n','10','n'),
("jhg6-58jh-gh8o-8uik-7jk8",'c','20','n'),
("x5hg-gf5h-4hj5-g4h5-fh5t",'y','999','n'),
("fg8j-h584-fd4g-fg4d-fgg4",'n','1','y'),
("4jk4-5kl4-4klk-4lji-4ghj",'e','6','n'),
]
cursor.executemany(sql,data)
db.close()
This is my first time to ask questions on this platform. I hope to get answers


enclose Activation Code as 'Activation Code'

Related

Python pymysql library using CREATE DATABASE with query sanitization results in error

This is while using pymysql==1.0.2
I am trying to run the DDL CREATE DATABASE newdb0001; and getting an error:
MySQLdb.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''newdb0001'' at line 1")
Here is an example (not working):
import MySQLdb
db = MySQLdb.connect(host=host, user=user, password=password)
sql = 'CREATE DATABASE %s;'
sqlparam = ('newdb0001',)
cursor.execute(sql, sqlparam)
db.commit()
This works, but is highly insecure, vulnerable to SQL injection from untrusted input!
import MySQLdb
db = MySQLdb.connect(host=host, user=user, password=password)
sql = 'CREATE DATABASE {0};'.format('newdb0001')
cursor.execute(sql)
db.commit()
How can I safely sanitize the database name through the SQL cursor? The second example is highly insecure from untrusted user input. I need the first example to work with SQL parameters in some way.

MySQLdb._exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server versi [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 1 year ago.
I am trying to insert data into a MySQL table using my Flask app as shown below;
#Create MySQL connection and write data into the table user_data from the POST form
sql_cursor = mysql.connection.cursor()
sql_cursor.execute("""INSERT INTO user_data (make,model,trim,fuel_type,transmission,condition,body_type,region,descriptn,eng_capacity,year,mileage, estm_value)
VALUES (new_info['make'],new_info['model'],new_info['trim'],new_info['fuel_type'],new_info['transmission'],new_info['condition'],
add_bodytype['body_type'],add_region['region'],new_data['description'],new_data['eng_capacity'],year,new_data['mileage'], estm_value);""")
mysql.connection.commit()
sql_cursor.close()
This does not work too:
sql_cursor = mysql.connection.cursor()
sql_cursor.execute("INSERT INTO user_data (make,model,trim,fuel_type,transmission,condition,body_type,region,descriptn,eng_capacity,year,mileage, estm_value) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)", (new_info['make'],new_info['model'],new_info['trim'],new_info['fuel_type'],new_info['transmission'],new_info['condition'],add_bodytype['body_type'],add_region['region'],new_data['description'],new_data['eng_capacity'],year,new_data['mileage'], estm_value))
mysql.connection.commit()
sql_cursor.close()
I get the below error:
I get the below error:
MySQLdb._exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition,body_type,region,descriptn,eng_capacity,year,mileage, estm_value)\n ' at line 1")
Someone please help me.

The homepage explains how to use placeholders https://dev.mysql.com/doc/connector-python/en/connector-python-example-cursor-transaction.html
If your variables are all valid.
this should work
sql_cursor.execute("""INSERT INTO user_data (make,model,trim,fuel_type,transmission,condition,body_type,region,descriptn,eng_capacity,year,mileage, estm_value)"""\
""" VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s, %s);""",(new_info['make'],new_info['model'],new_info['trim'],new_info['fuel_type'],new_info['transmission'],new_info['condition'],
add_bodytype['body_type'],add_region['region'],new_data['description'],new_data['eng_capacity'],year,new_data['mileage'], estm_valu)))
mysql.connection.commit()
sql_cursor.close()

Apparently, your connection driver is not configured to accept line breaks \n, try change your template string using concatenation or all inline statement...
sql_cursor = mysql.connection.cursor()
sql_cursor.execute("""INSERT INTO user_data (make,model,trim,fuel_type,transmission,condition,body_type,region,descriptn,eng_capacity,year,mileage, estm_value) VALUES (new_info['make'],new_info['model'],new_info['trim'],new_info['fuel_type'],new_info['transmission'],new_info['condition'],add_bodytype['body_type'],add_region['region'],new_data['description'],new_data['eng_capacity'],year,new_data['mileage'], estm_value);""")
mysql.connection.commit()
sql_cursor.close()

Python MySQL, get special column names

I am using Python to fetch MySQL process.
The codes are shown below:
import mysql.connector
mydb = mysql.connector.connect(
host='192.168.95.9', user='root',
passwd='qwe123', database='information_schema')
cursor = mydb.cursor()
sql = "SELECT CONCAT('KILL ',id,';') FROM information_schema.processlist
WHERE `TIME`>100 AND `COMMAND` = 'Sleep' AND `DB` IN ('api','monitor', 'workflow');"
cursor.execute(sql)
cursor.fetchall()
The sql shown above can get results but in python, it returns nothing. When I get rid of the where condition, it returns values as expected. I also tried
sql = "SELECT CONCAT('KILL ',id,';') FROM information_schema.processlist WHERE \`TIME\`>100 AND \`COMMAND\` = 'Sleep' AND \`DB\` IN ('api','monitor', 'workflow');"
But it returns error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\`TIME\`>100 lim
How to address this issue?

Python-MySQL prepared statement error while selecting where a value IS NULL

I want to select rows where a value is null but I get this error on executing using Python-MySQL prepared statement.
mysql.connector.errors.InterfaceError: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?' at line 1
import mysql.connector
connection = mysql.connector.connect(database="XXXXX", user="XXXXX", password="XXXXX", host="XXXXX")
cursor = connection.cursor(prepared=True)
parameters = ["Ahmed", None]
statement = "SELECT * FROM Persons WHERE name_first = ? AND start_date IS ?"
cursor.execute(statement, tuple(parameters))

Can't execute a query with the right syntax using mysql.connector 8.0 in jupyter notebook

I'm trying to set up a small database for a simple card game using mysql.connector 8.0 in jupyter notebook, yet I can't execute any queries, it says that the syntax is wrong even though it's all good.
That's the code:
'''
import random
import collections
import mysql.connector
conn = mysql.connector.connect(
host='localhost',
user='root',
passwd='*****',
auth_plugin='mysql_native_password',
database='CardGame'
)
cur = conn.cursor()
query = "CREATE TABLE cards (id int PRIMARY KEY AUTO_INCREMENT,rank VARCHAR(1),suit VARCHAR(10))"
cur.execute(query)
conn.commit()
'''
That's the error I keep getting:
ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rank VARCHAR(1), suit VARCHAR(10))' at line 1

I don't have an access to a MySQL database at the moment but your create table has RANK as a column name which is also a keyword. Can you change that to something else and try it out?

Categories