We Keep Coding

Use table names as sql parameters in python [duplicate]

I have a syntax error in my python which which stops MySQLdb from inserting into my database. The SQL insert is below.
cursor.execute("INSERT INTO %s (description, url) VALUES (%s, %s);", (table_name.encode("utf-8"), key.encode("utf-8"), data[key].encode("utf-8")))
I get the following error in my stack trace.
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your
SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near ''four' (description, url) VALUES ('', 'http://imgur.com/a/V8sdH')' at line 1")
I would really appreciate assistance as I cannot figure this out.
EDIT:
Fixed it with the following line:
cursor.execute("INSERT INTO " + table_name + " (description, url) VALUES (%s, %s);", (key.encode("utf-8"), data[key].encode("utf-8")))
Not the most sophisticated, but I hope to use it as a jumping off point.

It looks like this is your SQL statement:
cursor.execute("INSERT INTO %s (description, url) VALUES (%s, %s);", (table_name.encode("utf-8"), key.encode("utf-8"), data[key].encode("utf-8")))
IIRC, the name of the table is not able to be parameterized (because it gets quoted improperly). You'll need to inject that into the string some other way (preferably safely -- by checking that the table name requested matches a whitelisted set of table names)... e.g.:
_TABLE_NAME_WHITELIST = frozenset(['four'])
...
if table_name not in _TABLE_NAME_WHITELIST:
raise Exception('Probably better to define a specific exception for this...')
cursor.execute("INSERT INTO {table_name} (description, url) VALUES (%s, %s);".format(table_name=table_name),
(table_name.encode("utf-8"),
key.encode("utf-8"),
data[key].encode("utf-8")))

MySQL Python creating table with variable as name

I am working on a project with a friend and am new to sql databases. I want to have a database with tables named after the date they were created. I have tried multiple things but i thought .format() would be the best, but it didnt work. This is how it currently looks:
today = date.today()
d1 = today.strftime("%b-%d-%Y")
sql = "CREATE TABLE {table} (CEO VARCHAR(255), profits INTEGER(10))"
mycursor.execute(sql.format(table = d1))
i am also trying to insert into the database with .format:
sql = "INSERT INTO{table} (CEO, profits) values (%s, %s)"
mycursor.execute(sql.format(table = d1), (Company(c).get_CEO(), int(Company(c).get_profit())))
mydb.commit()
I get the error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax;

You have no space between INTO and {table}

How to write proper MySQL Insert statement in Python?

I am trying to insert two columns of data into a MySQL table from Python. And my Insert statement is true, I guess. But I am still getting 1064 error code.
This is for MySQL server version 8.0.12 and Python 3.7. I had tried changing different methods of inserting dynamic variables.
#alter is the data value read from serial port
sql="select * from stds"
cur.execute(sql)
records=cur.fetchall()
if cur.rowcount>0:
print('Number of rows - ',cur.rowcount)
else:
print('No data in table')
for row in records:
print(row)
if row[1]==alter:
print("Student exists : ",row[1])
date = datetime.datetime.now()
print(type(date))
ins = (alter, date)
sql = "Insert into 'attendance' ('stdid', 'dt') VALUES (%s,%s)"
cur.execute(sql, ins)
cnn.commit()
print('Sucessfully Stored the Record')
#success(alter)
break
else:
print("Student doesn't exist")
I am getting this error message
Error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''attendance' ('stdid', 'dt') VALUES ('FE0070E83D5B','2019-08-01 09:09:06.162304'' at line 1
And I am expecting that these read tag values are inserted successfully​.

Identifiers (e.g. column and table names) in MySQL (and most other flavors of SQL as well) do not take single quotes. They take either no quotes, double quotes, or maybe backticks in the case of MySQL. Try this version:
sql = "INSERT INTO attendance (stdid, dt) VALUES (%s, %s)"
ins = (alter, date)
cur.execute(sql, ins)
cnn.commit()

Using dynamic SQL statement in Python 3

I have a SQL statement to use in a MySQL database in my Python3 code. The code is as follows:
price = "1"
high = "2"
low = "3"
mycursor.execute("""
UPDATE
currency_price_fact
SET
%s = %s,
%s = %s,
%s = %s
WHERE currency_symbol = 'USD_gov'
""",(price,dict["USD_gov"]["p"].replace(",",""),high,dict["USD_gov"]["h"].replace(",",""),low,dict["USD_gov"]["l"].replace(",",""),))
But i am getting an error saying
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near
I think i know what is going on here, i am passing '1' = '4432' instead of 1 = '4432' but i do not know how to solve it.

dictionary variable formatting in Python's Mysqldb

i'm trying to use dictionary variable in mysqldb insert statement in python 2.7 :
cursor.execute("INSERT INTO DCPOWERSTATS(TS,TOTALPOWER,ITPOWER,AVAILABLEPOWER,PuE) VALUES (%s %s %s %s %s)",(dict_timestamp[key], dict_ABFeeds[key], dict_ABITLOAD[key], 1400, PuE))
and the table is :
sql_createpowertable = '''CREATE TABLE IF NOT EXISTS DCPOWERSTATS (TS DATETIME ,TOTALPOWER FLOAT,ITPOWER FLOAT, AVAILABLEPOWER FLOAT, PuE FLOAT)'''
cursor.execute(sql_createpowertable) .
when i try this I get the error:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '483.9 334.4 1400 1.44706937799043)' at line 1")

You need commas after each %s in the insert statement:
INSERT INTO DCPOWERSTATS(TS,TOTALPOWER,ITPOWER,AVAILABLEPOWER,PuE) VALUES (%s, %s, %s, %s, %s)