This question already has an answer here:
How to prevent pandas dataframe from adding double quotes around #tmp when using sqlalchemy and sybase?
(1 answer)
Closed 2 years ago.
I using a framework, that creates temporary tables (sqlalchemy and pandas).
However, it creates a table surrounded by quotes, and in my case, I'm using Sybase and it returns an permission error.
When I create manually, without quotes works perfectly.
To workround it, I put \b at the beggining of string:
table_name=f'\b{table_name}'
When I test with \b, it erases the left quote, but I can't find a way to delete the closing quote.
Obs: I already tested table_name=f'\b{table_name}' + \u'\u007f'
For example:
table_name="#test"
df.to_sql(con=engine,name=table_name,index=False)
Generates following create:
CREATE TABLE "#test" (nome TEXT NULL)
I'm getting error, because quotes.
However, with this code, I can remove left quote:
table_name="\b#test"
df.to_sql(con=engine,name=table_name,index=False)
It generates:
CREATE TABLE #test" (nome TEXT NULL)
Thanks
If you have access to the string itself, you can always slice it to remove whatever characters you want. To remove the first and last ones:
>>> table_name = '"some test table"'
>>> table_name[1:-1] # No surrounding " characters.
some test table
Adding delete characters to the string (what you currently have) just affects the console output. Those characters are still present.
Assuming this is Sybase ASE and the error the OP is receiving is related to a syntax issue with the use of quotes, consider:
using double quotes around (table/column) names is referred to (in ASE) as quoted identifiers
ASE's default behavior is for quoted identifiers to be off (ie, generate an error if double quotes are used around (table/column) names)
in order to use quoted identifiers the client application needs to explicitly enable quoted identifiers either via a connection parameter or via the explicit command set quoted_identifier on
ASE also supports the use of square brackets ([]) around (table/column) names with the added benefit that there is no need to explicitly set quoted_identifier on
Again, assuming this is Sybase ASE, I'd want to find out if the client side app a) has the ability to use square brackets ([]) in place of double quotes or b) has the ability to enable quoted_identifier support or c) has the ability to disable quoted identifiers (ie, not wrap names in double quotes).
My problem is with pandas function to_sql, because when I pass the table name as parameter, it automatically adds quotes surround table name
You appear to be using the internal SQLAlchemy dialect for Sybase which is in the process of being replaced by the external SAP ASE (Sybase) dialect that I maintain. The issue with DDL rendering of #temp tables was fixed in version 1.0.1.
Related
I want to set a parameter for a python script by using the parameter field in PyCharm.
My config:
But the command in the Run console is:
python3 path_to_script.py '{app_id: picoballoon_network, dev_id: ferdinand_8c ... and so on
and not:
python3 path_to_script.py '{"app_id": "picoballoon_network", "dev_id": "ferdinand_8c" ... and so on
Basically, it deletes all " in the parameter.
Does anyone know how to turn this off?
My PyCharm version is:
PyCharm 2020.3.1 (Professional Edition)
Build #PY-203.6682.86, built on January 4, 2021
Runtime version: 11.0.9.1+11-b1145.37 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Windows 10 10.0
To avoid the quotation marks being deleted notice the rules to writing parameters that contain quotation marks.
Run/Debug Configuration: Python
Configuration tab
When specifying the script parameters, follow these rules:
Use spaces to separate individual script parameters.
Script parameters containing spaces should be delimited with double quotes, for example, some" "param or "some param".
If script parameter includes double quotes, escape the double quotes with backslashes, for example:
-s"main.snap_source_dirs=[\"pcomponents/src/main/python\"]" -s"http.cc_port=8189"
-s"backdoor.port=9189"
-s"main.metadata={\"location\": \"B\", \"language\": \"python\", \"platform\": \"unix\"}"
The case in the question would be a single parameter, lets apply the rules to the example:
'{"app_id": "picoballoon_network", "dev_id": "ferdinand_8c"'
Because it's a single parameter containing spaces it has to be surounded by quotation marks.
Since the content of the parameter also contains quotation marks they must be escaped using a backslash \. So applying the parameter formatting rules gives:
"'{\"app_id\": \"picoballoon_network\", \"dev_id\": \"ferdinand_8c\"}'"
(Side note): In the example the parameter was surrounded by Apostrophes, this may be unnecessary and will probably have to be stripped later in your Python code (the below example uses the strip method).
You can test it with this simple script:
import sys
import ast
your_dictionary = ast.literal_eval(sys.argv[1].strip("'"))
(Side note): Your example parameter is a string containing a Python dictionary, there are several ways to convert it, in the example I included the highest voted answer from this question: "Convert a String representation of a Dictionary to a dictionary?"
A screenshot showing the parameter and test code in use:
This question already has answers here:
Having both single and double quotation in a Python string
(9 answers)
Closed 3 years ago.
I'm looking for a way to declare a string that contains double quotes and single quote.
In javascript I would do
let str = `"," '`
But when I try the same syntax in python, my IDE shows this error
Python version 3.7 does not support backquotes, use repr() instead
How can I use repr() to achieve this result?
The reason the error message says what it does is because backquotes have never been used in Python to do what you want. Instead, they used to be a shortcut for using the repr function, that is no longer supported.
According to documentation it take an object
Everything is an object in Python, so there is no issue there. But there is an issue in that the repr function does not do what you want.
We need to go back to the original question instead:
I'm looking for a way to declare a string that contains double quotes and single quote.
In Python, you may either escape whichever quote is the one you used for the string, for example:
"\",\" '" # using double quotes
'"," \'' # using single quotes
Or you may use so-called triple quotes:
""""," '""" # like so
But beware that this does not work if you have the same kind of quote at the end of the string:
# '''"," '''' -- does not work!
'''"," \'''' # works, but it defeats the purpose
In each case, '"," \'' is the form that Python will use to report the string back to you.
The message in the IDE is referring to using backticks around a variable name or other expression. In Python 2, `someVar` was a shortcut for repr(someVar).
But this isn't really what you're trying to do. The message is simply hard-coded for any use of backticks.
You just have to escape the quotes that are the same as the string delimiter.
s = '"," \''
I figured that out
So literally all I had to do was this
text = repr(",'") # returns this string ",'"
The part that confused me was I wasn't sure how to pass the argument to the function since according to documentation I should have passed an object, not a string or a list of string. Until I realized that a string is an object too
A few examples that helped me to understand it in details
>>> print("123")
123
>>> print(repr("123"))
'123'
>>> print(repr(",'"))
",'"
I have a program in python and I want to insert data into a table(using insert into statement). I receive data from web(web scraping) and the data contain both single and double quotes. As you know MySQL allows to insert both single and double quotes to a table so the error is not from database. Problem appears when I use that data in python and an error appears.
No matters if i use single or double quotes in the string (insert into statement values) in python, in both ways error appears because of the data(that contain single or double quotes).I use MySQL and Connector/python and in my script I import mysql. I hope you got this, sorry about bad English.
Most likely explanation for the behavior is a SQL Injection vulnerability. (That's just a guess because we are speculating about code we haven't seen; only a description of the behavior.)
The short answer is to use prepared statements with bind placeholders
https://pynative.com/python-mysql-execute-parameterized-query-using-prepared-statement/
If for some reason that is not possible, then at a bare minimum, any potentially unsafe values included in SQL text must be properly escaped to make them safe for inclusion
(The single quote in Little Bobby Tables https://xkcd.com/327/ is not escaped.)
As example, this SQL will throw an error, because the second single quote ends the string literal, and what follows the end of the string literal "s wrong" is gibberish in terms of SQL:
INSERT INTO mytab (mycol) VALUES ( 'It's wrong' )
^
But this will work:
INSERT INTO mytab (mycol) VALUES ( 'It''ll work' )
^^
Because the single quote within the string literal is escaped, by preceding it with another single quote.
The OWASP project provides a good overview of SQL Injection.
https://www.owasp.org/index.php/SQL_Injection
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
I'm using python to read values from REST API and write to a MySQL table. One of the returned values is a JSON, which I want to store in the DB.
The value returned by the API has escaped quotes and looks something like:
{\"dashboard\":\"val\"}
When I use print, I see that the escape characters are replaced with the actual quotes (which is the desired outcome):
{"dashboard":"val"}
However, when I'm using the MySQLdb execute or executemany (with tokenised params) - the value written to the database has all the double quotes replaced with single quotes, making it a non-valid json:
{'dashboard':'val'}
How do I avoid that?
You should change your library into mysql.connector or pymysql or etc , because MySQLdb has some problems you can not predict. Even though your parameters and base_sql are correct. I recommend mysql.connector, because it is MySQL official library. https://dev.mysql.com/downloads/connector/python/
I came across some Python programs that connect to a MySQL database. In the code, I saw the query in the execute() function is enclosed withing 3 quotations("""). I would like to know the reason for this. I also noticed that 3 quotes are used only while creating, inserting, and updating the table and not while selecting a row.
cursor.execute("""create table student(id char(10),name char(10))""")
cursor.execute("select * from student")
Why?
It is not needed--the coder who made that just decided to use it for some reason (probably to add emphasis on that part).
A triple-quoted string is just that: a string. It has the same properties as a regular string object. There are only two differences:
It supports multiple lines. This saves you from having to place \n every time you want a newline.
It allows you to have single and double quotes without escaping. This could be useful with SQL commands.
In summary though, a triple-quoted string is a string:
>>> type("""a""")
<type 'str'>
>>> type("a")
<type 'str'>
>>>
and it is not needed in that code.