error in insertion into SQL table in python because string contains % - python

I am writing some data into a MySQL database.
One of the attributes is a link, for example: "http://dbpedia.org/resource/Madigan%27s_Millions"
For some insertions there is an error. The error is:
Error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Millions',"http://dbpedia.org/resource/Madigan%27s_Millions"
I am suspecting that this error is coming because of the % operator in the link.
It is coming into a variable from a website and then it is supposed to be entered into the database using SQL.
Could somebody tell me if I am thinking right, and what is the apt solution for resolving it?

Your MySQL is not having a problem with %, but with an apostrophe. Check again what exactly you're inserting (I'm pretty sure it isn't what you thought it was) by printing to stderr and inspecting the server logs, or by using your framework's logging mechanism. If I'm right, use the mysql escape function or parametrized statements to convert your ' into \' (details)
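To make the diagnosis concrete, here is an added example (not from the question or answer) that reproduces the failure and the fix. It uses sqlite3 as an offline stand-in for MySQL (an assumption: MySQL drivers use %s placeholders instead of ?, but the mechanism is the same) and derives the decoded title "Madigan's Millions" from the link, which is what the error message shows being inserted.

```python
import sqlite3
from urllib.parse import unquote

# Constructed sample input: the link keeps %27, the decoded title carries a real apostrophe.
LINK = "http://dbpedia.org/resource/Madigan%27s_Millions"
TITLE = unquote(LINK.rsplit("/", 1)[1]).replace("_", " ")  # "Madigan's Millions"


def insert_interpolated(conn, title, link):
    # The broken pattern: the value is pasted into the SQL text, so the apostrophe
    # in the title closes the string literal early and the rest is a syntax error.
    sql = "INSERT INTO films (title, link) VALUES ('%s', '%s')" % (title, link)
    try:
        conn.execute(sql)
        return "ok"
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc


def insert_parameterized(conn, title, link):
    # Placeholders: the driver ships the values separately from the statement,
    # so quotes and percent signs in the data never touch the SQL grammar.
    conn.execute("INSERT INTO films (title, link) VALUES (?, ?)", (title, link))
    return "ok"


def demo():
    """Run both variants against an in-memory table and report what happened."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE films (title TEXT, link TEXT)")
    results = {
        "interpolated": insert_interpolated(conn, TITLE, LINK),
        "parameterized": insert_parameterized(conn, TITLE, LINK),
    }
    row = conn.execute("SELECT title, link FROM films").fetchone()
    return results, row


if __name__ == "__main__":
    print(demo())
```

One MySQL-specific caveat: because MySQLdb and mysql-connector-python use %-style placeholders, a literal % in the statement text itself (for example in a LIKE pattern) must be written as %% whenever a parameter tuple is passed; the % inside the data value needs nothing special.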

Related

PYODBC using where in the sql cursor execute

A student of mine is partaking in a piece of coursework where they create a small program / artefact, and they have chosen to link Python with a database using pyodbc.
So far he can successfully connect, and if he uses a select * from statement and then fetchall he can print out the whole database. But naturally, to extend this work, he wants to be able to filter results using where, but it doesn't seem to work as intended and my experience in this is very limited.
For example the code:
cursor.execute("select * from Films where BBFC = '12'")
Gives this error
pyodbc.Error: ('07002', '[07002] [Microsoft][ODBC Microsoft Access
Driver] Too few parameters. Expected 1. (-3010) (SQLExecDirectW)')
It is a database of films and he wants to filter it by age rating (the BBFC column). I have taken a look myself and can't seem to fix the issue, so any help or guidance would be massively appreciated.
The problem here might be some spelling mistakes or maybe a case-sensitive field name or table name. Would you be able to make sure that 'Films' and 'BBFC' are spelt correctly and match the DB?

Postgres fails fetching data in Python

I am using Python with psycopg2 module to get data from Postgres database.
The database is quite large (tens of GB).
Everything appears to be working, I am creating objects from the fetched data.
However, after ~160000 of created objects I get the following error:
I suppose the reason is the amount of data, but I could not get anywhere searching for a solution online. I am not aware of using any proxy and have never used any on this machine before, the database is on localhost.
It's interesting how often the "It's a local server so I'm not open to SQL injection" stance leads to people thinking that string interpolation is somehow easier than a parameterized query. In your case it's ended up with:
'... cookie_id = \'{}\''.format(cookie)
So you've ended up with something that's less legible and also fails (though from the specific error I don't know exactly how). Use parameterization:
cursor.execute("SELECT user_id, created_at FROM cookies WHERE cookie_id = %s ORDER BY created_at DESC;", (cookie,))
Bottom line, do it the correct way all the time. Note, there are cases where you must use string interpolation, e.g. for table names:
cursor.execute("SELECT * FROM %s", (table_name,)) # Not valid
cursor.execute("SELECT * FROM {}".format(table_name)) # Valid
And in those cases, you need to take other precautions if someone else can interact with the code.
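The "other precautions" for identifiers deserve a worked illustration. This added example (not from the answer above) shows that a placeholder cannot carry a table name, and that the safe pattern is an allowlist of known names plus standard double-quote identifier quoting. It uses sqlite3 offline as a stand-in for psycopg2 (an assumption; the placeholder style differs, the rule does not), and ALLOWED_TABLES is a constructed set.

```python
import sqlite3

# Constructed allowlist: the only tables this script is permitted to name in SQL text.
ALLOWED_TABLES = {"cookies", "users"}


def safe_table(name):
    """Return a quoted identifier only if the name is allowlisted; otherwise refuse."""
    if name not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % name)
    # Standard SQL identifier quoting: wrap in double quotes, double any embedded quote.
    return '"' + name.replace('"', '""') + '"'


def select_all(conn, table_name):
    # The identifier is interpolated, but only after safe_table() vetted it;
    # column values, by contrast, should always go through placeholders.
    return conn.execute("SELECT * FROM %s" % safe_table(table_name)).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies (cookie_id TEXT, user_id INTEGER)")
    conn.execute("INSERT INTO cookies VALUES (?, ?)", ("abc", 1))
    outcomes = {}
    # 1. A placeholder in identifier position is a syntax error: parameters are
    #    sent as values, never as parts of the statement structure.
    try:
        conn.execute("SELECT * FROM ?", ("cookies",)).fetchall()
        outcomes["placeholder"] = "ok"
    except sqlite3.OperationalError:
        outcomes["placeholder"] = "error"
    # 2. An allowlisted name is quoted and used.
    outcomes["allowed"] = select_all(conn, "cookies")
    # 3. A name that is not on the allowlist never reaches the SQL text.
    try:
        select_all(conn, "sessions")
        outcomes["rejected"] = False
    except ValueError:
        outcomes["rejected"] = True
    return outcomes


if __name__ == "__main__":
    print(demo())
```

With psycopg2 itself, psycopg2.sql.Identifier composes identifiers with the same quoting rules, but it still does not decide which names are legitimate; the allowlist remains your job.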

pyodbc stored procedures / Microsoft SQL Server error 42000

I'm working on a script to automate a file load procedure. So, naturally I need to perform some stored procedures that already exist. I'm using pyodbc to connect to my database. I can SELECT perfectly fine from the database, but when I try to execute from the database I get this error:
pyodbc.ProgrammingError: ('42000', '[42000] [Microsoft][SQL Server Native Client 10.0]
Syntax error, permission violation, or other nonspecific error (0) (SQLExecDirectW)')
I can't figure out what the problem here is - the user has full DB admin permissions, the syntax is correct based off what the pyodbc official documentation says.
print("Executing SP")
conn.execute('{EXEC TEMP.s_p_test}')
print("SP Executed.")
Here, TEMP is the schema for the type of stored procedure in that specific database. I.e., it's the full name of the stored procedure. I feel like it's probably something stupidly obvious that I'm just missing.
I tried a couple of things to fix it. As #Brian Pendleton suggested, I had tried to change from an explicit database user defined via UID and PWD to trusted_connection=True. Unfortunately that did not change anything.
However, out of curiosity I decided to see what taking the curly braces out of the function call would do. The execution worked immediately and produced the desired output. It would seem that the documentation at pyodbc's wiki either shows bad examples or I found a bug I don't know how to replicate because I don't know what makes my situation abnormal.
Or, in other words, instead of
conn.execute('{EXEC TEMP.s_p_test}')
I used
conn.execute('EXEC TEMP.s_p_test')

Django creates incorrect MySQL LIKE statement

I am using Django for an application that uses a simple filtering system. I want the filter to test if the title of my model contains a query string.
The code, stripped down, looks like this:
cards = Card.objects.filter(title__icontains=query)
print cards.query
which returns the following query (again, unnecessary stuff is stripped):
SELECT [...] FROM `ygo_card_card`
WHERE `ygo_card_card`.`title` LIKE %dark%
Which returns no results, even though it should. When I run this query manually, I get
SQL Error (1064): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%dark%' at line 1
If I wrap the %dark% part between apostrophes ('%dark%') when running manually, it works as expected. It seems to me that Django creates an incorrect query. Is this a bug or something that I can control by settings?
Any search returns irrelevant results, because the related keywords are too generic.
I use Django 1.6.5 and MySQL 5.5.38, running on Ubuntu Server 14.04 LTS.
The response is quite simple: I misinterpreted the problem.
The issue comes from an underlying problem: the MySQL LIKE statement is case-sensitive or insensitive depending on the collation and the Django filter used (icontains or contains) has no effect in the outcome. You can see this bug ticket for more information.
As Daniel Roseman pointed out, the .query property is not reliable, as the query is further processed by the database driver. This led me to believe that Django created a wrong query, while in fact it simply created a case-sensitive search that should have been case-insensitive, hence the lack of results.
In the end, the issue was resolved by changing the collation on columns, tables and the database.

In SQLAlchemy how do I preview SQL statements before committing for debugging purposes?

I want to see the SQL code instead of doing an actual db.commit(). This is for a one-off database population script that I want to verify is working as intended before actually making the changes.
Try calling str() on the query object.
print(str(query_object))
From:
How do I get a raw, compiled SQL query from a SQLAlchemy expression?
Other possible solutions:
SQLAlchemy: print the actual query
How to retrieve executed SQL code from SQLAlchemy
The newest (as of v0.9) answer is also:
Retrieving ultimate sql query sentence (with the values in place of any '?') (by Mike Bayer)
