I'm stuck. I've been trying to insert a pdf file in to MySQL db but I can't. I've tried with mysql.connector and MySQLdb classes. I get nearly the same errors. I've read many posts about this issue. I tried commas, variables also. Here are my code and error;
import mysql.connector
db = mysql.connector.connect(host="127.0.0.1", user='root', password='masatablo', db='yukleme')
c = db.cursor()
acilacak_dosya = open("bizim.PDF", "rb")
yuklenecek_dosya = acilacak_dosya.read()
c.execute ("INSERT INTO pdfler (cizim) VALUES(%s)" %(yuklenecek_dosya))
db.commit()
db.close()
ERROR with mysql.connector:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'b'%PDF-1.4\r%\xe2\xe3\xcf\xd3\r\n4 0 obj\r<</Linearized 1/L 83892/O 6/E 79669/N ' at line 1
ERROR with MySQLdb:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'b'%PDF-1.4\\r%\\xe2\\xe3\\xcf\\xd3\\r\\n4 0 obj\\r<</Linearized 1/L 83892/O 6/E 79669/N ' at line 1")
You'll need to use parameters, not string interpolation.
String interpolation with SQL is vulnerable to SQL injection attacks anyway.
c.execute("INSERT INTO pdfler (cizim) VALUES (%s)", (yuklenecek_dosya,))
Related
I know there're similar questions regarding this topic in Stackoverflow, like these ones:
https://stackoverflow.com/a/52303677/1876345
SQL query using %s in Python 3.3
mysql.connector.errors.ProgrammingError: 1064 (4200): You have an error in your SQL syntax;
But i still encounter an error passing a variable at moment execute is run.
Option #1
mycursor = mydb.cursor()
dbname = 'ssl'
mycursor.execute('CREATE DATABASE {}'.format(dbname))
And I get this error
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ssl' at line 1
Option 2
mycursor = mydb.cursor()
dbname = 'ssl'
mycursor.execute("CREATE DATABASE %s ", (dbname))
Getting similar error: mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s' at line 1
Any idea why?
Running this code
res = cursor.execute("SELECT `password` FROM `players` WHERE `username` = %s", usern)
I get this error:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s' at line 1
The parametrized queries expect a tuple as an argument:
query = """SELECT `password` FROM `players` WHERE `username` = %s"""
res = cursor.execute(query, (usern, ))
I have an existing table in the cloud and I want to make a copy of it. I connect to my database via pymysql, extract the username from an input provided from the new user, and I want to create a new table that will be called by the username, and that table will be a copy of the original one. When I run the code below, I have the following error:
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''username' AS SELECT * FROM original_table' at line 1")
uname = blabla#bla.com
conn = pymysql.connect(
host="db.host",
port=int(3306),
user=user,
passwd=password,
db=db,
charset='utf8mb4'
)
cur = conn.cursor()
table_name = uname.replace('#', '_').replace('.', '_')
print('TABLE NAME:', table_name)
cur.execute(""" CREATE TABLE %s AS SELECT * FROM original_table """, (table_name))
Parameter quoting is for quoting values. Quoting table names does not work, because in MySQL the way to quote a table name is by using backticks (`), not quotation marks.
MariaDB [test]> CREATE TABLE 'username' AS SELECT * FROM my_table;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''username' AS SELECT * FROM my_table' at line 1
In this cause you need to use string formatting to create the SQL statement (you can use backticks to defend against SQL-injection*):
cur.execute(""" CREATE TABLE `%s` AS SELECT * FROM original_table """ % table_name)
* I'm not an expert on SQL-injection, so do some research if table_name originates outside your application.
Been stuck whole day with this update mysql table error while build a web app with Flask python.
(1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE 'user_id'='28'' at line 1")
Tried removing comma and adding `` according to solution of similar problems in Stackoverflow but it's not working.
#app.route('/update')
def update():
try:
conn = mysql.connect()
update = conn.cursor(pymysql.cursors.DictCursor)
sql = "UPDATE user SET user_photo=%s, WHERE user_id=%s"
_path="User.30.1.jpg"
_id="28"
data = (_path,_id)
update.execute(sql,data)
conn.commit()
return render_template('training.html')
except Exception as e:
print(e)
Remove the comma from the sql variable:
sql = "UPDATE user SET user_photo=%s WHERE user_id=%s"
I'm trying to retrieve data from a MySQL-database.
A = "James"
query = ("SELECT * FROM DB.tblusers WHERE UserName = %s ")
c = mysql.connector.connect(user='root', password='',
host='127.0.0.1',
database='DB')
cur1 = c.cursor()
cur1.execute(query, A)
Gives the following error message:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' at line 1
But the SQL works in the mySQL Workbench.
Any ideas?
A should be a tuple, try with A = ("James",)
see documentation of MySQLCursor.execute(operation, params=None, multi=False)
EDIT: added a comma, thanks to "swordofpain" (I learned something)