Why does this SQL query fail? - python

I have a database class which abstracts some basic crud logic.
The issue lies in the fetch_single method:
The sql_insecure query works fine, and returns the expected results.
The sql_prepared query doesn't return any errors, but also doesn't return any results which match the parameters, when they clearly do exist within the db.
sql_prepared follows the same approach to prepared statements that the insert_single method implements, and this method also returns the expected results.
My question is; why is the sql_prepared query not returning any results?
import sqlite3
class Database:
def __init__(self, db: str):
try:
self.conn = sqlite3.connect(db)
self.cursor = self.conn.cursor()
except sqlite3.Error as e:
print(e)
self.__del__
def fetch_all(self, table: str):
try:
query = self.cursor.execute("SELECT * FROM ?", table)
rows = self.cursor.fetchall()
return rows
except sqlite3.Error as e:
print(e)
return False
def fetch_single(self, table: str, column_name: str, column_value):
sql_formatted_value = "'{value}'".format(value=column_value)
placeholder = ":{column_name}".format(column_name=column_name)
sql_insecrue = "SELECT * FROM %s WHERE %s=%s Limit 1" % (
table, column_name, sql_formatted_value)
sql_prepared = "SELECT * FROM %s WHERE %s=%s LIMIT 1" % (
table, column_name, placeholder)
# try:
# self.cursor.execute(sql_insecrue)
# rows = self.cursor.fetchall()
# return rows
# except sqlite3.Error as e:
# print(e)
# return False
try:
self.cursor.execute(sql_prepared, [sql_formatted_value, ])
rows = self.cursor.fetchall()
return rows
except sqlite3.Error as e:
print(e)
return False
def insert_single(self, table: str, data: list):
columns = ""
placeholders = ""
values = []
data_length = len(data)
for index, (key, value) in enumerate(data):
# we need to dynamically build some strings based on the data
# let's generate some placeholders to execute prepared statements
columns += "{column_name}".format(column_name=key)
placeholders += ":{column_name}".format(column_name=key)
# let's fill the insert values into a list to use with execute
values.append(value)
# only add a comma if there is another item to assess
if index < (data_length - 1):
columns += ', '
placeholders += ', '
sql = "INSERT INTO %s (%s) VALUES (%s)" % (
table, columns, placeholders)
try:
self.cursor.execute(sql, values)
self.conn.commit()
except sqlite3.Error as e:
print(e)


You cannot substitute table name using ? in prepared statements because it is not considered a query parameter.
I recommend doing something like this:
self.cursor.execute(f"DELETE FROM {table} WHERE id=?", [id])
In other words, use standard python format statements to specify your table name, but use prepared statement anchors like ? for any query parameters.


okay, i found the problem.
its was my sloppy sql syntax.
using backticks around the table and column name solved the issue.
def fetch_single(self, table: str, column_name: str, column_value):
sql_formatted_value = "'{value}'".format(value=column_value)
placeholder = ":{column_name}".format(column_name=column_name)
sql_insecure = "SELECT * FROM %s WHERE %s=%s" % (
table, column_name, sql_formatted_value)
sql_prepared = "SELECT * FROM `%s` WHERE `%s`=%s" % (
table, column_name, placeholder)
print(sql_insecure)
print(sql_prepared)
# try:
# self.cursor.execute(sql_insecure)
# row = self.cursor.fetchall()
# print(row)
# return row
# except sqlite3.Error as e:
# print(e)
# return False
try:
self.cursor.execute(sql_prepared,
[column_value, ])
row = self.cursor.fetchone()
return row
except sqlite3.Error as e:
print(e)
return False

Related

How to properly count rows from mysql using python?

I am trying to get rows quantity from query using python to mysql. I've been using rowcount but returned value is always 0.
def getLastData(md5TwitterDate):
conectar = connection()
try:
cursor = conectar.cursor()
query = "SELECT fecha,numeroreporte,internoid FROM jsywe_ncnsismos_sismosigp WHERE internoid = '%s' and published=1"
cursor.execute(query, md5TwitterDate)
lastEvent = cursor.fetchall()
rowsa = cursor.rowcount
except Error as ex:
print("Error to get data: ", ex)
finally:
if conectar.is_connected():
conectar.close()
#return False if rowsa> 0 else True
return rowsa
Also tried this way setting a variable to cursor.execute but in this case always get none
def getLastData(md5TwitterDate):
conectar = connection()
try:
cursor = conectar.cursor()
query = "SELECT fecha,numeroreporte,internoid FROM jsywe_ncnsismos_sismosigp WHERE internoid = '%s' and published=1"
rowsa = cursor.execute(query, md5TwitterDate)
lastEvent = cursor.fetchall()
except Error as ex:
print("Error to get data: ", ex)
finally:
if conectar.is_connected():
conectar.close()
#return False if filas > 0 else True
return rowsa
Tested query on database and it works, it returns 1 row

Python: How do I query to pull data from sqlite3 table?

I'm trying to get my code to work but I keep getting this error.
File "C:\Users\mikae\Desktop\Sem 9\CSE115\Assignment 2\Actual\A2
(Version 5).py", line 186, in main
print_table_bookings(conn,booking_data[i])
IndexError: list index out of range
Currently, this is my code.
I'm not done with it, but I'm trying to write out two queries:
Find all the bookings of a specific trainer
Find the gender of the trainer for a type of training.
I've tried a lot of variations but I just can't get the logic down. I would appreciate feedback and any help that I can get.
Code
import sqlite3
from sqlite3 import Error
import os
# Create a connection to the SQLite database via DB file.
def create_connection(db_file):
"""create a database connection to the SQLite database
specified by db_file
:param db_file:database file
:return:Connection object or None
"""
conn = None
try:
conn = sqlite3.connect(db_file)
return conn
except Error as e:
print(e)
return conn
# Create tables from SQL statement
def create_table(conn,create_table_sql):
"""create a table from the create_table_sql statement
:param conn:Connection object
:param create_table_sql:a CREATE TABLE statement
:return:
"""
try:
c = conn.cursor()
c.execute(create_table_sql)
except Error as e:
print(e)
# Bookings Table
def print_table_bookings(conn, bookings):
sql=""" INSERT INTO bookings (booking_id,trainer_id,training_id,session_date,session_slot)
VALUES (?,?,?,?,?)"""
c = conn.cursor()
c.execute(sql,bookings)
conn.commit()
return c.lastrowid
# Trainers Table
def print_table_trainers(conn, trainers):
sql=""" INSERT INTO trainers (trainer_id,name,gender,mobile,specialisation,rate)
VALUES (?,?,?,?,?,?)"""
c = conn.cursor()
c.execute(sql,trainers)
conn.commit()
return c.lastrowid
# Trainings Table
def print_table_trainings(conn, trainings):
sql=""" INSERT INTO trainings (training_id,description,duration)
VALUES (?,?,?)"""
c=conn.cursor()
c.execute(sql,trainings)
conn.commit()
return c.lastrowid
# Print Tables
# Print Bookings
def display_bookings(conn):
c=conn.cursor()
c.execute("SELECT * FROM bookings")
rows=c.fetchall()
for row in rows:
print(row)
print("\n")
# Print Bookings
def display_trainers(conn):
c=conn.cursor()
c.execute("SELECT * FROM trainers")
rows=c.fetchall()
for row in rows:
print(row)
print("\n")
# Print Bookings
def display_trainings(conn):
c=conn.cursor()
c.execute("SELECT * FROM trainings")
rows=c.fetchall()
for row in rows:
print(row)
print("\n")
# Query to display Trainer's bookings by Trainer's Name
# NOT DONE
# Main Code
def main():
database = os.path.abspath(os.getcwd()) + "\healthhub.db"
# Create Bookings Table
sql_create_bookings_table = """CREATE TABLE IF NOT EXISTS bookings (
booking_id INTEGER PRIMARY KEY,
trainer_id INTEGER NOT NULL,
training_id TEXT,
session_date INTEGER NOT NULL,
session_slot TEXT NOT NULL,
FOREIGN KEY(trainer_id) REFERENCES trainer(id),
FOREIGN KEY(training_id) REFERENCES training(id)
);"""
# Create Trainer Table
sql_create_trainers_table = """CREATE TABLE IF NOT EXISTS trainers (
trainer_id INTEGER PRIMARY KEY,
name TEXT NOT NULL,
gender TEXT NOT NULL,
mobile TEXT NOT NULL,
specialisation TEXT NOT NULL,
rate INTEGER NOT NULL
);"""
# Create Trainings Table
sql_create_trainings_table = """CREATE TABLE IF NOT EXISTS trainings (
training_id INTEGER PRIMARY KEY,
description TEXT NOT NULL,
duration INTEGER NOT NULL
);"""
# Create a Database(DB) Connection
conn = create_connection(database)
# Create Tables using def above
if conn is not None:
create_table(conn,sql_create_bookings_table)
create_table(conn,sql_create_trainers_table)
create_table(conn,sql_create_trainings_table)
with conn:
# Error prevention
c=conn.cursor()
c.execute("DELETE FROM bookings;");
c.execute("DELETE FROM trainers;");
c.execute("DELETE FROM trainings;");
# Populating the tables
# Bookings table
booking_1 = (101,'001','0001','01082021','Morning')
booking_2 = (102,'001','0001','01082021','Morning')
booking_3 = (103,'001','0001','01082021','Morning')
booking_4 = (104,'001','0001','01082021','Morning')
booking_5 = (105,'001','0001','01082021','Morning')
booking_6 = (106,'001','0001','01082021','Morning')
booking_7 = (107,'001','0001','01082021','Morning')
booking_8 = (108,'001','0001','01082021','Morning')
booking_9 = (109,'001','0001','01082021','Morning')
booking_10 = (110,'001','0001','01082021','Morning')
# Trainers Table
trainer_1 = (2021,'Gary','Male','91234567','Weight Loss','85')
trainer_2 = (2022,'Bary','Male','91234568','Weight Loss','185')
trainer_3 = (2023,'Mary','Female','91234569','Weight Loss','85')
trainer_4 = (2024,'Stephanie','Female','91234570','Weight Loss','85')
trainer_5 = (2025,'Austin','Male','91234571','Weight Loss','65')
trainer_6 = (2026,'Tynia','Female','91234572','Weight Loss','85')
trainer_7 = (2027,'Oswald','Male','91234573','Weight Loss','55')
trainer_8 = (2028,'Aria','Female','91234574','Weight Loss','45')
trainer_9 = (2029,'Micheal','Male','91234575','Weight Loss','95')
trainer_10 = (2030,'Lily','Female','91234576','Weight Loss','105')
#trainings table
trainings_1 = (3031,'Weight Loss','90')
trainings_2 = (3032,'Cardio','90')
trainings_3 = (3033,'Boxing','90')
trainings_4 = (3034,'Kickboxing','90')
trainings_5 = (3035,'Muay Thai','90')
trainings_6 = (3036,'Kettlebells','90')
trainings_7 = (3037,'Strength training','90')
trainings_8 = (3038,'Yoga','90')
trainings_9 = (3039,'Sparring','90')
trainings_10 = (3040,'Jiu-jitsu','90')
#Loop to write data into table
booking_data = [booking_1,booking_2,booking_3,booking_4,booking_5,booking_6,booking_7,booking_8,booking_9,booking_10]
trainer_data = [trainer_1,trainer_2,trainer_3,trainer_4,trainer_5,trainer_6,trainer_7,trainer_8,trainer_9,trainer_10]
training_data = [trainings_1,trainings_2,trainings_3,trainings_4,trainings_5,trainings_6,trainings_7,trainings_8,trainings_9,trainings_10]
i=0
while i < 20:
print_table_bookings(conn,booking_data[i])
print_table_trainers(conn,trainer_data[i])
print_table_trainings(conn,training_data[i])
i=i+1
#Displaying Table
print_table_bookings(conn)
print()
print_table_trainers(conn)
print()
print_table_trainings(conn)
print()
if __name__=='__main__':
main()

here:
booking_1 = (101,'001','0001','01082021','Morning')
...
booking_data = [booking_1,booking_2,booking_3,booking_4,booking_5,booking_6,booking_7,booking_8,booking_9,booking_10]
...
create_table(conn,booking_data[i])
the booking_data[i] will never be a string containing a SQL instruction. Here you probably want to transform this tuple into a INSERT statement before you execute it.

In main() after you create the tables, you are trying to insert new rows with this loop:
i=0
while i < 20:
create_table(conn,booking_data[i])
create_table(conn,trainer_data[i])
create_table(conn,training_data[i])
i=i+1
in which you use create_table() instead of print_table_bookings(), print_table_trainers() and print_table_trainings().
Change to this:
i=0
while i < 20:
print_table_bookings(conn,booking_data[i])
print_table_trainers(conn,trainer_data[i])
print_table_trainings(conn,training_data[i])
i=i+1

How to insert a value in the same line sqlite3 using python

i have two function (in python). The first function defines a new variable which i have to insert in a sql table (first column). The second one, does the same thing, but i want to insert its variable (the second one) near the first variable, so in the second column but in the same line. How can i do with sql?.
connloc = sqlite3.connect("request.db")
sqlloc = "create table requests (" \
" chat_id INTEGER NOT NULL PRIMARY KEY,"\
" locpar varchar(20)," \
" stoppar varchar(20)," \
" locdes varchar(20) ," \
" stopdes varchar(20) );"
connloc.execute(sqlloc)
def name_loc(chat, message):
for i in result:
if message.text == i:
item = [i]
cloc = connloc.cursor()
cloc.execute("INSERT INTO requests(locpar) VALUES (?);", item)
connloc.commit()
def name_stop(chat, message):
for i in result:
for t in result[i]:
if message.text == t:
item = [t]
cloc = connloc.cursor()
cloc.execute("INSERT INTO requests(stoppar) VALUES (?);", item)
connloc.commit()

I would break it up into a two step process by defining two methods, one for table generation and then another second method for populating the new table like this:
def create_table(ptbl):
""" Assemble DDL (Data Definition Language) Table Create statement and build
sqlite3 db table
Args:
string: new db table name.
Returns:
Status string, '' or 'SUCCESS'.
"""
retval = ''
sqlCmd = ''
try:
conn = sqlite3.connect(sqlite_file)
c = conn.cursor()
if ptbl == 'TBL_EXAMPLE':
sqlCmd = 'CREATE TABLE IF NOT EXISTS ' + ptbl + ' (FIELD1 TEXT, FIELD2 INTEGER, FIELD3 TEXT, ' \
'FIELD4 TEXT, FIELD5 TEXT)'
else:
pass
if sqlCmd != '':
c.execute(sqlCmd)
conn.commit()
conn.close()
retval = 'SUCCESS'
except Error as e:
retval = 'FAIL'
print(e)
return retval
and then populate it as you like with the values (inserting your new row with those two specific values you mentioned).
Now, I'm populating from a csv file here, but I thinkit'll give you a really good solid start on this task.
def populate_tbl_file_marker_linenums(p_fml_tbl, p_fml_datafile):
""" Read csv and load data into TBL_FILE_MARKER_LINENUMS table ...
Args:
p_fml_tbl (TEXT) target table name
p_fml_datafile (TEXT) name of csv file to load into table
Returns:
retval (TEXT) - Status of method, e.g., 'SUCCESS'
"""
retval = ''
mode = 'r'
try:
conn = sqlite3.connect(sqlite_file)
c = conn.cursor()
csv_dataset = open(p_fml_datafile, mode)
csv_reader = csv.reader(csv_dataset)
c.executemany('INSERT INTO ' + p_fml_tbl + ' (FIELD1, FIELD2, FIELD3, FIELD4, FIELD5) VALUES (?, ?, ?, ?, ?)', csv_reader)
conn.commit()
conn.close()
retval = 'SUCCESS'
except Error as e:
print(e)
return retval

How to pass postgre sql schema in Python Dataset

I have a code to insert row:
try:
con = dataset.connect("postgresql://abc:abc#localhost:5432/dbname")
con.begin()
result = con.load_table("schema1.table_name").insert(document)
con.commit()
return result
except Exception as e:
return False
But I always get the error like this:
raise DatasetException("Table does not exist: %s" % self.name)
It's the issue related to schema, how can I pass schema name into this insert query?

For someone who need:
con = dataset.connect("postgresql://abc:abc#localhost:5432/dbname", schema=schema)

Pyscopg and Redshift, relation doesn't exists

I'm connecting to Redshift with Psycopg with the following piece of code
import psycopg2
con = psycopg2.connect(dbname='events', host=myhost,
port=my_post, user=my_user, password=my_pwd)
Then, check if a table called "event" exists and I do that like so
def table_exists(con, table_str):
#
exists = False
try:
cur = con.cursor()
cur.execute("select exists(select relname from pg_class where relname='" + table_str + "')")
exists = cur.fetchone()[0]
cur.close()
except psycopg2.Error as e:
print(e)
return exists
table_exists(con, "event")
Which returns True. However, when I try to read the table (for instance, below I try to return the column names) I get an error message saying that the "relation doesn't exists"
def get_table_col_names(con, table_str):
#
col_names = []
try:
cur = con.cursor()
cur.execute("select * from " + table_str + " LIMIT 0")
for desc in cur.description:
col_names.append(desc[0])
cur.close()
except psycopg2.Error as e:
print(e)
#
return col_names
get_table_col_names(con, "event")
Can you point me in the direction of what's happening?

for me its working fine
import psycopg2
rs_conn = psycopg2.connect(host='MYHOST',
user='NAME',
port='PORT NUM',
password='PASS',
dbname='DBNAME')
def get_table_col_names(con, table_str):
col_names = []
try:
cur = con.cursor()
cur.execute("select * from " + table_str + " LIMIT 0")
for desc in cur.description:
col_names.append(desc[0])
cur.close()
except psycopg2.Error as e:
print(e)
return col_names
columnnames = get_table_col_names(rs_conn, "TABLE NAME")
print(columnnames)
output:
[column names]

Categories

Resources