I am trying to do a simple query in Python with mysql and I have this error and I don't know why I have this error:
ValueError: Could not process parameters
What I am doing is this:
mycursor = mydb.cursor()
sql="SELECT pathFile FROM googlesearch where tweetid=%d LIMIT 1"
print(lastid)
print(sql)
mycursor.execute(sql,(lastid),)
mydb.commit()
myresult = mycursor.fetchall()
print(myresult)
Why I have this error?. It is a simple query as you can see. Thanks
add a comma in the line:
mycursor.execute(sql,(lastid),)
(lastid,) is a tuple, but (lastid) is not.
So use mycursor.execute(sql,(lastid,),) instead (note the comma after lastid)
for futher reference check the docs here:
It says:
Note:
In Python, a tuple containing a single value must include a comma. For example, ('abc') is evaluated as a scalar while ('abc',) is evaluated as a tuple.
Related
as mentioned in the title i get this error when i try to execute a prepared statement. The full error is:
RuntimeError: No matching overloads found for prepareStatement in find. at native\common\jp_method.cpp:127
As far as i can understand is, that propably that since i am trying to use a prepared statement, that the compiler can not find something to overload the ? placeholder.
Code snippet:
curs = self.dbconn.cursor()
sqlLogin = ("SELECT name,email FROM BENUTZER where name=? and email=?", ( benutzerObjekt.name,benutzerObjekt.email))
curs.execute(sqlLogin)
The error seems to happen at curs.execute(sqlLogin), which is shown to me in the traceback when debugging.
I'm trying to use the input of an html input, which is stored in benutzerObjekt.name and benutzerObjekt.email as input for the select SQL statement. So most probably something is wrong with either my SQL statement, or the execution of the statement, which is underlined when debugging. I am using db2.
Thanks in advance!
You need to pass parameters as second argument in cursor.execute. Right now your query is a nested tuple of two items with first being a string and second item being a tuple of two values.
Consider separating the arguments for function call:
curs = self.dbconn.cursor()
# SINGLE STRING VALUE
sqlLogin = "SELECT name,email FROM BENUTZER WHERE name=? AND email=?"
# TUPLE OF TWO VALUES
vals = (benutzerObjekt.name, benutzerObjekt.email)
# PASS SQL AND PARAMS SEPARATELY
curs.execute(sqlLogin, vals)
Alternatively, you can unpack your nested tuple using asterisk, *:
sqlLogin = (
"SELECT name,email FROM BENUTZER where name=? and email=?",
(benutzerObjekt.name, benutzerObjekt.email)
)
curs.execute(*sqlLogin)
Working with a newly purchased RaspberryPi and I am very new to Python/MySQL so please excuse the naive question I am posting.
I have looked at many Q&A's about this but I cannot seem to get my head around 'why' this is failing. I get error: "must be string or read-only buffer, not tuple". My variable appears as a string if I test it with TYPE so now I am lost.
import MySQLdb
import time
db = MySQLdb.connect(host="localhost", user="user",passwd="easypwd", db="imagepi")
cursor = db.cursor()
current_time = time.strftime("%H:%M:%S")
current_date = time.strftime("%Y-%m-%d")
filename = (current_time+'.jpg')
sql = ("""INSERT INTO imagelocator(batch, date, time, filename) VALUES
('1001', current_date, current_time, %s)""", filename)
cursor.execute(sql)
db.commit()
db.close()
Thanks so much for offering me a little push in the right direction.
The sql variable is a tuple. One half of it is your SQL statement, and the other half is the token value for the %s parameter in your statement. However, simply passing a tuple to an argument does not break it apart and use each element in the tuple as a separate parameter. For that, you have to use an asterisk: function_to_call(*tuple_args) ... but I think you'll have a problem with that, as well, since the database cursor expects a string for the statement argument, and a sequence for the parameters argument. The parameters argument must be a sequence (tuple, list, set, etc.) even if there is only one value.
TL;DR - You need to do something more like this:
sql = "INSERT INTO table_name (a_column, b_column) VALUES ('asdf', %s)"
args = (filename,)
cursor.execute(sql, args)
... or, if you really wanted to be tricksy and use a tuple for everything:
sql = ("INSERT INTO table_name (a_column, b_column) VALUES ('asdf', %s)", (filename,))
cursor.execute(*sql)
Edit: I guess I didn't clarify... while enclosing a string with parentheses does not create a tuple, the addition of a comma does. So, (string_var) is not a tuple, while (string_var,) is. Hopefully, that removes any confusion with how the above code operates.
Also, here's some documentation on the asterisk stuff; both the boring official docs and an easier-to-understand blog post:
Boring Python docs
Blog post
I am using Python 3 with mysql connector
I am trying to run a Select statement on a db, but I am having problems with a prepared statement:
This is the piece of code that does the query
cursor = cnx.cursor()
name = 'Bob'
query = ('SELECT author FROM bib WHERE author=%s')
records = cursor.execute(query, name)
I tried different syntaxes, but all with the same result. If I try to insert Bob direct on the query string it works, but with the prepared statement
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near '%s' at line 1
Thanks
As Wrikken pointed out in a comment, the params parameter to execute have to be a tuple or a dictionary:
iterator = cursor.execute(operation, params=None, multi=True)
This method executes the given database operation (query or command). The parameters found in the tuple or dictionary params are bound to the variables in the operation. Specify variables using %s or %(name)s parameter style (that is, using format or pyformat style). execute() returns an iterator if multi is True.
In fact, this is true of any DB-API 2.0 module:
Parameters may be provided as sequence or mapping and will be bound to variables in the operation.
So:
records = cursor.execute(query, (name,))
I'm trying execute a simple query, but getting this error no matter how I pass the parameters.
Here is the query (I'm using Trac db object to connect to a DB):
cursor.execute("""SELECT name FROM "%s".customer WHERE firm_id='%s'""" % (schema, each['id']))
schema and each['id'] both are simple strings
print("""SELECT name FROM "%s".customer WHERE firm_id='%s'""" % (schema, each['id']))
Result:
SELECT name FROM "Planing".customer WHERE firm_id='135'
There is on error is a remove quote after firm_id=, but that way parameter is treated a an integer and ::text leads to the very same error.
In my case I didn't realize that you had to pass a tuple to cursor.execute. I had this:
cursor.execute(query, (id))
But I needed to pass a tuple instead
cursor.execute(query, (id,))
I got this same error and couldn't for the life of me work out how to fix, in the end it was my mistake because I didn't have enough parameters matching the number of elements in the tuple:
con.execute("INSERT INTO table VALUES (%s,%s,%s,%s,%s)",(1,2,3,4,5,6))
Note that I have 5 elements in the values to be inserted into the table, but 6 in the tuple.
It is recommended to not use string interpolation for passing variables in database queries, but using string interpolation to set the table name is fine as long as it's not an external input or you restrict the allowed value. Try:
cursor.execute("""
SELECT name FROM %s.customer WHERE firm_id=%%s
""" % schema, (each['id'],))
Rules for DB API usage provides guidance for programming against the database.
Use AsIs
from psycopg2.extensions import AsIs
cursor.execute("""
select name
from %s.customer
where firm_id = %s
""",
(AsIs(schema), each['id'])
)
You could try this:
cursor.execute("INSERT INTO table_name (key) VALUES(%s)",(value1,))
You will get an error if you are missing a (,) after value1.
The correct way to pass variables in a SQL command is using the second argument of the execute() method. And i think you should remove single quotes from second parameter, read about it here - http://initd.org/psycopg/docs/usage.html#the-problem-with-the-query-parameters.
Note that you cant pass table name as parameter to execute and it considered as bad practice but there is some workarounds:
Passing table name as a parameter in psycopg2
psycopg2 cursor.execute() with SQL query parameter causes syntax error
To pass table name try this:
cursor.execute("""SELECT name FROM "%s".customer WHERE firm_id=%s""" % (schema, '%s'), (each['id'],))
Every time I have this kind of error, I am passing the wrong amount of values. Try check it
I am having the problem
OperationalError: (1054, "Unknown column 'Ellie' in 'field list'")
With the code below, I'm trying to insert data from json into a my sql database. The problem happens whenever I try to insert a string in this case "Ellie" This is something do to with string interpolation I think but I cant get it to work despite trying some other solutions I have seen here..
CREATE TABLE
con = MySQLdb.connect('localhost','root','','tweetsdb01')
cursor = con.cursor()
cursor.execute("CREATE TABLE IF NOT EXISTS User(user_id BIGINT NOT NULL PRIMARY KEY, username varchar(25) NOT NULL,user varchar(25) NOT NULL) CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE=InnoDB")
con.commit()
INSERT INTO
def populate_user(a,b,c):
con = MySQLdb.connect('localhost','root','','tweetsdb01')
cursor = con.cursor()
cursor.execute("INSERT INTO User(user_id,username,user) VALUES(%s,%s,%s)"%(a,b,c))
con.commit()
cursor.close()
READ FILE- this calls the populate method above
def read(file):
json_data=open(file)
tweets = []
for i in range(10):
tweet = json.loads(json_data.readline())
populate_user(tweet['from_user_id'],tweet['from_user_name'],tweet['from_user'])
Use parametrized SQL:
cursor.execute("INSERT INTO User(user_id,username,user) VALUES (%s,%s,%s)", (a,b,c))
(Notice the values (a,b,c) are passed to the function execute as a second argument, not as part of the first argument through string interpolation). MySQLdb will properly quote the arguments for you.
PS. As Vajk Hermecz notes, the problem occurs because the string 'Ellie' is not being properly quoted.
When you do the string interpolation with "(%s,)" % (a,) you get
(Ellie,) whereas what you really want is ('Ellie',). But don't bother doing the quoting yourself. It is safer and easier to use parametrized SQL.
Your problem is that you are adding the values into the query without any escaping.... Now it is just broken. You could do something like:
cursor.execute("INSERT INTO User(user_id,username,user) VALUES(\"%s\",\"%s\",\"%s\")"%(a,b,c))
But that would just introduce SQL INJECTION into your code.
NEVER construct SQL statements with concatenating query and data. Your parametrized queries...
The proper solution here would be:
cursor.execute("INSERT INTO User(user_id,username,user) VALUES(%s,%s,%s)", (a,b,c))
So, the problem with your code was that you have used the % operator which does string formatting, and finally you just gave one parameter to cursor.execute. Now the proper solution, is that instead of doing the string formatting yourself, you give the query part to cursor.execute in the first parameter, and provide the tuple with arguments in the second parameter.