I'm trying to insert data into a sequel table using variables. The following statement is the one causing errors:
cursor.execute("INSERT INTO %s (avg_time,max_time) VALUES (%s,%s)", (SOURCE, reav, remax))
The error is:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near ''USA' (avg_time,max_time)
VALUES ('6.997','7.071')' at line 1")
Anyone know where I've gone wrong?
Change this:
cursor.execute("INSERT INTO %s (avg_time,max_time) VALUES (%s,%s)", (SOURCE, reav, remax))
To this:
cursor.execute("INSERT INTO %s (avg_time,max_time) VALUES (%%s,%%s)" % SOURCE, (reav, remax))
Found here
Although this would seem to be prone to SQL injection with the table name given it's using string formatting.
Related
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 28 days ago.
I am making an app in python flask, and I executed a sql query. I am using Mysql server 8.0.
My code is:
mydb = mysql.connector.connect(
host="localhost",
user="...",
password=".....",
database="....."
)
cursor = mydb.cursor()
sql = "INSERT INTO calender_events (class,date,title,desc) VALUES (%s, %s ,%s, %s)"
val = (str(student_class), str(date.today()),title,desc)
cursor.execute(sql, val)
mydb.commit()
I get the error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc) VALUES ('8a', '2023-01-23' ,'er', 'er')' at line 1
although my syntax is correct, I think. I do not know my this error is occuring. Any help would be greatly appreciated. Thanks!
This is because desc is a reserved word in MySQL. See this question, which shows you should use
sql = "INSERT INTO calender_events (class,date,title,`desc`) VALUES (%s, %s ,%s, %s)"
note the backticks around desc. Alternatively, you could use a different name for this column, maybe description?
table name: 'tickers_list' (table has only 1 column)
column name: 'Ticker'
The following works:
sql = "INSERT INTO tickers_list (Ticker) VALUES ('AAPL')"
mycursor.execute(sql)
mydb.commit()
But when I try to set it up to accept variables, it's not working:
symbol = 'AAPL'
sql = "INSERT INTO tickers_list (Ticker) VALUES (%s)"
mycursor.execute(sql, symbol)
mydb.commit()
ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s)' at line 1
Where am I going wrong?
You need to execute with a tuple, and a tuple must contain at least one ,. In Python for a single value this means:
mycursor.execute(sql, (symbol,))
Which does look a bit weird, but it's just how it is. For multiple values it looks more normal, no trailing , is necessary.
In addition to what tadman says, strings need quotes:
... ("%s") ...
I want to send a hashed data to the database.thats my data:
0MPA00JQ'Q:0TGF6T?>TE)pRc1.kA<<\I<b3#ZaR<BXq].k#1A6mm"`>:s_c<+RjO:,Y$i2`Y;E
But because the data has a lot of symbols, I encounter the following error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near
'0MPA00JQ'Q:0TGF6T?>TE)pRc1.kA<<\I<b3#ZaR<BXq].k#1A6mm">:s_c<+RjO:,Y$i2Y;E"",
"' at line 1
I tried many methods but none of them worked with the same error! Methods I used:
sql = """INSERT INTO {}(disc, data) VALUES (""{}"", ""{}"")""".format(tb,hash_for_data(disc),hash_for_data(data))
sql = """INSERT INTO %s(disc, data) VALUES (""%s"", ""%s"")""" % (TABLE, HASHED_DATA_1, HASHED_DATA_2)
And a few other methods
The only way it worked was to finally hash the hash data:
base64.b16encode(HASHED DATA)
In this way the output is equal to the digit without the symbol
I am trying to insert a string
insert_cmd = "INSERT INTO inv values (\""+str(row[1])+"\",\""+str(row[2])+"\")
(cur.execute(insert_cmd))
Error Message:
pymysql.err.ProgrammingError: (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'google search appliance"","active","D\' at line 1')
Better to use query parameters to avoid quoting and other issues:
cur.execute("INSERT INTO inv values (%s, %s)", (str(row[1]), str(row[2])))
It's also a best practice to name your columns in case your model changes later:
"INSERT INTO inv (col1, col2) VALUES (%s, %s)"
I am trying to pass a query through my script, but i get a SQL error.
Running the same sql statement in Heidisql works fine.
My question is:
- What am I doing wrong?
error message
_mysql.connection.query(self, query)
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'Gabrielsen)' at line 1")
Python script where Database is the correct connection to database
F="Gunnar Gabrielsen"
Database.query('INSERT INTO documents (name) values (' + F + ');')
i=Database.query('SELECT * from documents;')
print(i)
Python version:Python 3.4
Module:Mysqldb
DB:MariaDB
You haven't put quotes around your value.
But you should never do it this way anyway. Quite apart from the quoting problem, you are opening yourself to sql injection attacks.
Use a parametrised query instead:
cursor.execute('INSERT INTO documents (name) values (%s)', (F,))
You have generated this:
INSERT INTO documents (name) values (Gunnar Gabrielsen);
What you need is
INSERT INTO documents (name) values ("Gunnar Gabrielsen");
But, without escaping or parameterizing, you are opening your code (and system) up to "sql injection" and other hacking.