I have a Python module which copies data from a table to a file. I'm using PostgreSQL as the database server. COPY is the command to be used to do the above action.
However, a blog (http://grokbase.com/t/postgresql/pgsql-general/058tagtped/about-error-must-be-superuser-to-copy-to-or-from-a-file) states that: You can use \copy in 'psql' on the client side, but you have to be a superuser to do COPY on the server side, for security reasons. So I used the \copy command. When I try to execute the method below, it results in this error:
psycopg2.ProgrammingError: syntax error at or near "\" LINE 1: \copy
I can't find why it's throwing an error. Can someone help me out?
def process():
    query="\copy %s TO %s"%('test_table', 'test_file.txt')
    @env.with_transaction()
    def do_execute(db):
        cursor = db.cursor()
        cursor.execute(query)
do_execute is a database wrapper, which creates connection and
executes the query.
\ is an escape in Python strings, so your string contains the escape \c. However \c is an invalid escape in Python, and Python leaves invalid escapes unchanged, so "\copy" is just \copy. (Thus @tiziano's answer is misleading).
>>> print "\c"
\c
The real problem is that \copy is a psql command, not a server side PostgreSQL command. You can't use it with a client other than psql. You must instead use the psycopg2 support for COPY to do it via your client driver.
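One way to do the export through psycopg2, as an added example that is not part of the original answer: `COPY ... TO STDOUT` streams the rows over the connection and the client writes the file, so no superuser role is involved. The helper names `quote_ident` and `export_table` and the connection string are assumptions made for illustration.

```python
def quote_ident(name):
    """Quote a PostgreSQL identifier: double any embedded quote, wrap in quotes."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier: %r" % name)
    return '"' + name.replace('"', '""') + '"'


def export_table(cursor, table, path):
    """Write every row of `table` to the client-side file `path`.

    COPY ... TO STDOUT sends the rows over the existing connection, so the
    server never opens a file and no superuser role is needed.
    """
    statement = "COPY %s TO STDOUT" % quote_ident(table)
    with open(path, "w") as out:
        # copy_expert is psycopg2's cursor method for COPY with a file object.
        cursor.copy_expert(statement, out)
    return statement


if __name__ == "__main__":
    import psycopg2  # imported here so the helpers above load without a driver

    # Placeholder DSN (assumption): replace with your own connection settings.
    conn = psycopg2.connect("dbname=example_db user=example_user")
    with conn, conn.cursor() as cur:
        export_table(cur, "test_table", "test_file.txt")
    conn.close()
```

Quoting the identifier makes the table name case-sensitive, so pass it exactly as it is stored.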
Related
I wish to create a trigger in MariaDB 5.5.68.
Based on this official example, I built this query:
query = ("""
DELIMITER //
create trigger set_uuid_query
before insert on DLMNT.QUERY for each row
begin
if new.id is null then
set new.id = uuid() ;
end if ;
end//
DELIMITER ;
""")
cursor = mydb.cursor()
cursor.execute(query)
for e in cursor:
    print(e)
However, while this worked well with a MariaDB 5.5.64 via MySQL Workbench, this throws:
1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'DELIMITER //
create trigger set_uuid_query
before insert on DLMNT.QUERY for each' at line 1
I am afraid that this is not possible. While it is about MySQL, this answer states that DELIMITER is a client side thing.
Also, based on the last line of this doc, I thought "\G" could be used as a delimiter, but this answer states something completely different (and it throws the exact same error anyway when I try it).
So, using this Python library, how can I make such a query?
PS: the lib I am using is:
mysql-connector-python 8.0.27
You do not need DELIMITER to create a trigger when using a Python (or any other) connector. DELIMITER is a special trick of the command-line client. The command-line client needs to know when to send a potentially multiline input query to the server. Usually it can rely on the semicolon at the end of the string, but not in the case of "complex" statements, such as triggers and stored procedures.
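What the command-line client does with DELIMITER, as an added example that is not part of the original answer: the directive only changes where the client cuts its input, and the server receives the trigger as one statement with no DELIMITER lines. The functions `split_client_script` and `run_script` are hypothetical helpers, and the splitter assumes a statement ends only where a line ends with the current delimiter.

```python
import re

# Constructed sample: the script from the question, as typed into the mysql client.
SCRIPT = """
DELIMITER //
create trigger set_uuid_query
before insert on DLMNT.QUERY for each row
begin
  if new.id is null then
    set new.id = uuid() ;
  end if ;
end//
DELIMITER ;
"""


def split_client_script(script):
    """Emulate the client: honour DELIMITER lines, return the server statements."""
    delimiter = ";"
    statements, pending = [], []
    for line in script.splitlines():
        directive = re.match(r"\s*DELIMITER\s+(\S+)\s*$", line, re.IGNORECASE)
        if directive:
            delimiter = directive.group(1)  # client-side state, never sent
            continue
        stripped = line.rstrip()
        if stripped.endswith(delimiter):
            pending.append(stripped[: -len(delimiter)])
            statement = "\n".join(pending).strip()
            if statement:
                statements.append(statement)
            pending = []
        elif stripped or pending:
            pending.append(line)
    tail = "\n".join(pending).strip()
    if tail:
        statements.append(tail)
    return statements


def run_script(cursor, script):
    """Send each statement separately through any DB-API cursor."""
    for statement in split_client_script(script):
        cursor.execute(statement)
```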
Is there any way to prevent escaping backslash in python peewee (peewee-2.8.8) ORM?
I would like to execute query in MySQL database:
SHOW MASTER STATUS\G
The "\G" part is essential! I need the results in vertical form.
The problem is that peewee always escapes backslash (\) so it ends in MySQL as:
SHOW MASTER STATUS\\G
and of course MySQL issues an error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\G' at line 1"
I tried to use plain "execute_sql" method:
cursor = RaDatabase.execute_sql('SHOW MASTER STATUS\G')
and also "raw" method:
query = BaseModel.raw('SHOW MASTER STATUS\G')
result = query.execute()
but both ended with escaping characters.
Have you tried using a "raw" string?
cursor = RaDatabase.execute_sql(r'SHOW MASTER STATUS\G')
For what it's worth, whatever you pass in to .execute_sql() is essentially handed over to the MySQL driver (pymysql, or whatever you're using). Peewee itself does not do any escaping.
I have a simple script that downloads data out of one database (Teradata), does some stuff to it, and uploads it into another (MySQL) database. This has worked well for months now, but yesterday in my logs I noticed that the script failed, and gave me back this error:
An error has occurred:
(<class '_mysql_exceptions.ProgrammingError'>, ProgrammingError(1064,
'You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near \'A435", NULL, "2018-01-18", 95,\' at line 1'), <traceback object
at 0x00000000019A1A48>)
It seems like the culprit may be one of the user-editable fields, although each of these fields is processed by mysqli_real_escape_string in PHP prior to writing to the database - so not sure there.
While it would be nice from a programming standpoint to understand exactly what happened here, I'm more concerned with editing the python script to include an error handler that just skips over any line that causes an error instead of exiting the entire script.
Here's the script:
# Upload this to MySQL
db = MySQLdb.connect(host='asdf',user='asdf',passwd='asdf',db='asdf')
cursor = db.cursor()
csv_data = csv.reader(file(csvfilename))
for row in csv_data:
    cursor.execute('INSERT INTO `test` (field_1,field_2,field_3,field_4,field_5)'\
        'VALUES(%s,%s,%s,%s,%s)',row);
db.commit()
# Close the connection to the database.
cursor.close()
When using the MySQLdb package, triple quotes are used for quoting the query string:
Document from link: http://mysql-python.sourceforge.net/MySQLdb.html
db.query("""SELECT spam, eggs, sausage FROM breakfast WHERE price < 5""")
In your case, it might be a coincidence that you have both a single quote and a double quote in the parsed line, and then the script crashes on the insertion.
The code is as below:
Connect server
MySQLdb.connect(host=ip, user='root', passwd='root',db='test',use_unicode=True,charset="utf8")
......
sql = "INSERT INTO ci(id,name) VALUES (493,u'Hello')"
print sql
ret = root.execute(sql)
.....
In the server, the type of name is VARCHAR(1000). Then when I run this script, it shows the error ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
But when I replace u'Hello' with 'Hello', it is OK. So maybe it doesn't support Unicode; then I inserted a Unicode string such as "你好" into the table manually via the GUI, and that is also OK. I cannot find the reason. Who can help me?
MySQL needs strings to be enclosed in straight quotes: '你好', 'u' symbol is not allowed. Just declare the whole string as Unicode and pass it to MySQL. Here I am using a prepared statement:
sql = u"INSERT INTO ci(id,name) VALUES (493,'你好')"
Don't forget to run "SET NAMES 'UTF-8'" (or UTF-16 - don't know what encoding you are using) after you connect to MySQL to ensure that the server will correctly interpret the string you send it.
I'm working on a project that requires me to programmatically create MySQL users from a django app. I can create the users just fine:
from django.db import connection, transaction
cursor = connection.cursor()
cursor.execute("CREATE USER %s@'%'", 'username')
cursor.execute("SET PASSWORD FOR %s@'%' = PASSWORD(%s)", ('username', 'pass'))
That works perfectly. The problem is when I try to grant permissions. The database name is also determined programmatically:
cursor.execute("GRANT SELECT ON %s.* TO %s@'%'", ('dbname', 'username'))
This results in a mysql error because when it does the string substitution, it places single quotes around the database name, which is syntactically incorrect:
DatabaseError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''dbname'.* to 'username'@'%'' at line 1")
How do I prevent the single quotes from being added around the %s for database name? I know that I could simply do the string substitution in Python and fix this, but that could potentially cause a SQL injection vulnerability.
Sometimes placeholders won't work (as you've found out), so you'll have to use string concatenation. Be careful - validate the string, make sure it's only composed of the characters you expect (don't just look for characters you don't expect), and you should be OK. Also get another developer to check your code, and comment it to make sure no-one else thinks you ought to be using placeholders.
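A sketch of the validation this answer describes, added here and not taken from the original post: the database name is checked against an allowlist before concatenation, while the user name still goes through a placeholder. The name policy (letters, digits, underscore, at most 64 characters) and the helper names are assumptions; the `_` escaping goes beyond the answer and is there because MySQL treats `_` and `%` in a database-level GRANT name as wildcards.

```python
import re

# Assumed policy: only these characters are expected in a database name.
ALLOWED_DB_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")


def grant_select_statement(dbname):
    """Build the GRANT text; only an allowlisted name is ever concatenated."""
    if not ALLOWED_DB_NAME.fullmatch(dbname):
        raise ValueError("unexpected characters in database name: %r" % dbname)
    # In a database-level GRANT, "_" matches any single character unless it
    # is escaped, so an unescaped name could cover other databases as well.
    pattern = dbname.replace("_", "\\_")
    # %s stays a driver placeholder for the user name; %% is a literal "%".
    return "GRANT SELECT ON `" + pattern + "`.* TO %s@'%%'"


def grant_select(cursor, dbname, username):
    """Run the GRANT; the user name is passed as a parameter, not concatenated."""
    cursor.execute(grant_select_statement(dbname), (username,))
```

Placeholders cannot be used for the database name because the driver quotes them as string values, which is the error shown in the question.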