I am trying to execute this query in SQL using MySQL and python
The SQL
SET SQL_SAFE_UPDATES=0;
UPDATE temporder SET quantity=quantity+1 WHERE mealname=("Chicken Chow Mein")
My Python/MySQL implementation
setSQL="""SET SQL_SAFE_UPDATES = 0;"""
mycursor.execute(setSQL)
mydb.commit()
updateQuantitySQL="""UPDATE temporder SET quantity=quantity+1 WHERE mealname=%s"""
mycursor.execute(updateQuantitySQL,(selectedItemData[0]))
Resulting Error
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s' at line 1
I have isolated the error down to the line:
updateQuantitySQL="""UPDATE temporder SET quantity=quantity+1 WHERE mealname=%s"""
But when I execute the SQL in the Workbench it works correctly, (however SQL_SAFE_UPDATES must be set to 0)
Any help appreciated.
Related
I am trying to do a simple filter operation on a query in sqlalchemy, like this:
delete(label_pick_detail).where(label_pick_detail.c.tag.in_(set(tag_list)))
but it raise an error
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'[POSTCOMPILE_tag_1])\' at line 1")\n']
the query is
DELETE FROM label_pick_detail WHERE label_pick_detail.tag IN (__[POSTCOMPILE_tag_1])
what should I do?
I am using MySQL connector to write a database connection API and I am having a problem when using relational statements. When I write ">" in the string and pass it in as the query string, I get this SQL error because it does not recognize ">"
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near 'GHI_DATA.time_stamp >=
2019-5-10' at line 1 // Werkzeug Debugger</title>
I want to send a hashed data to the database.thats my data:
0MPA00JQ'Q:0TGF6T?>TE)pRc1.kA<<\I<b3#ZaR<BXq].k#1A6mm"`>:s_c<+RjO:,Y$i2`Y;E
But because the data has a lot of symbols, I encounter the following error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near
'0MPA00JQ'Q:0TGF6T?>TE)pRc1.kA<<\I<b3#ZaR<BXq].k#1A6mm">:s_c<+RjO:,Y$i2Y;E"",
"' at line 1
I tried many methods but none of them worked with the same error! Methods I used:
sql = """INSERT INTO {}(disc, data) VALUES (""{}"", ""{}"")""".format(tb,hash_for_data(disc),hash_for_data(data))
sql = """INSERT INTO %s(disc, data) VALUES (""%s"", ""%s"")""" % (TABLE, HASHED_DATA_1, HASHED_DATA_2)
And a few other methods
The only way it worked was to finally hash the hash data:
base64.b16encode(HASHED DATA)
In this way the output is equal to the digit without the symbol
I am trying to pass a query through my script, but i get a SQL error.
Running the same sql statement in Heidisql works fine.
My question is:
- What am I doing wrong?
error message
_mysql.connection.query(self, query)
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'Gabrielsen)' at line 1")
Python script where Database is the correct connection to database
F="Gunnar Gabrielsen"
Database.query('INSERT INTO documents (name) values (' + F + ');')
i=Database.query('SELECT * from documents;')
print(i)
Python version:Python 3.4
Module:Mysqldb
DB:MariaDB
You haven't put quotes around your value.
But you should never do it this way anyway. Quite apart from the quoting problem, you are opening yourself to sql injection attacks.
Use a parametrised query instead:
cursor.execute('INSERT INTO documents (name) values (%s)', (F,))
You have generated this:
INSERT INTO documents (name) values (Gunnar Gabrielsen);
What you need is
INSERT INTO documents (name) values ("Gunnar Gabrielsen");
But, without escaping or parameterizing, you are opening your code (and system) up to "sql injection" and other hacking.
Currently, I have the following code for a function that takes in database_name as an argument to drop the database provided.
44 conn = self.db_eng.connect()
45 conn.execute(text('DROP DATABASE ":database_name"'), database_name=database_name)
47 conn.close()
Unfortuantely, I get the following error:
*** ProgrammingError: (pymysql.err.ProgrammingError) (1064, u'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'"\'dbname\'"\' at line 1') [SQL: u'DROP DATABASE "%s"'] [parameters: ('dbname',)]
when I specify the database_name as db_name.
I use text as I want to do input sanitation to whatever function is doing the database dropping. Is there a better way to drop a database with the provided name?
The response is quite clear, there is some wrong with your sql code, you can check the belowing links for more details
DROP DATABASE (Transact-SQL)
Dropping and recreating databases in Microsoft SQL Server