i have the following problem:
i want to insert the temperature of my RPI using SQLite3 and Python.
The python script that i want to use:
import subprocess
import os
import sqlite3 as lite
import datetime
import sys
import time
def get_temperature():
"Returns the temperature in degrees C"
try:
s = subprocess.check_output(["cat","/sys/class/thermal/thermal_zone0/temp"])
return s[:-1]
except:
return 0
try:
con = lite.connect('/www/auslastung.s3db')
cur = con.cursor()
temp = int(get_temperature())
zeit = time.strftime('%Y-%m-%d %H:%M:%S')
cur.execute("INSERT INTO 'temperatur' ('Wert', 'Zeit') VALUES (%s, %s)", (temp, zeit))
con.commit()
except lite.Error, e:
if con:
con.rollback()
print "Error %s" % e.args[0]
sys.exit(1)
finally:
if con:
con.close()
Every time i want to run this, i just get the error:
Error near "%": syntax error
What should i do to solve this?
Replace
cur.execute("INSERT INTO 'temperatur' ('Wert', 'Zeit') VALUES (%s, %s)", (temp, zeit))
with
cur.execute("INSERT INTO 'temperatur' ('Wert', 'Zeit') VALUES (?, ?)", (temp, zeit))
There is also a problem with your finally clause. It will fail with the error NameError: name 'con' is not defined if con is never assigned to in the first place (e.g., if the directory /www/ does not exist, so con = lite.connect('/www/auslastung.s3db') fails). You could do the following to avoid this issue:
con = None
try:
# ...
except lite.Error, e:
if con is not None:
con.rollback()
# ...
finally:
if con is not None:
con.close()
You can also replace:
cur.execute("INSERT INTO 'temperatur' ('Wert', 'Zeit') VALUES (%s, %s)", (temp, zeit))
with
cur.execute("INSERT INTO 'temperatur' ('Wert', 'Zeit') VALUES (%s, %s)" % (temp, zeit))
Either #nwk or my answer should work depending on preference.
Related
error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s)' at line 1
upi = upi_entry.get()
mysqldb = mysql.connector.connect(
host="localhost",
user="root",
password="deol9646",
database="train_login",
)
mycursor = mysqldb.cursor()
try:
mycursor.execute(
"""create table if not exists upi_data(upi text)"""
)
sql = "INSERT INTO UPI_DATA (UPI) VALUES (%s)"
val = upi
mycursor.execute(sql, val)
mysqldb.commit()
lastid = mycursor.lastrowid
messagebox.showinfo("information", "upi inserted successfully...")
upi_entry.delete(0, END)
upi_entry.focus_set()
except Exception as e:
print(e)
mysqldb.rollback()
mysqldb.close()
The parameters need to be a tuple; you're passing in val as a single value, so the MySQL driver doesn't turn %s into anything and that ends up a syntax error.
Add a comma to make a parenthesized expression ((upi)) into a 1-tuple: (upi,)
sql = "INSERT INTO UPI_DATA (UPI) VALUES (%s)"
val = (upi,)
using python,I am looping through csv file to read data, then I am ding some modifications on the readied row and call a save function to insert the modified data into MySQL.
def save(Id, modifiedData,):
try:
mydb = mysql.connector.connect(host="localhost",user="use",password="pass",database="data")
sql = "INSERT INTO data (Id, modifiedData) VALUES (%s, %s)"
recordTuple = (Id, modifiedData)
mycursor = mydb.cursor()
mycursor.execute(sql,recordTuple)
mydb.commit()
print("Record inserted successfully into table")
except mysql.connector.Error as error:
print("Failed to insert into MySQL table {}".format(error))
def main():
for row in csv:
#modify row
#creat Id
save(Id, modifiedData,)
but I don't think this is good solution to do MYSQL connection and insert data with each iteration, it will be time and resources consuming , specially when I move to real server in production
how can I improve my solution?
Ideally, connections should be managed by connection pool, should be committed bulky. But amount of csv at most, need not to mind so much. Anyway, If you don't wanna bother it, I recommend using ORM like SQLAlchemy.
You only need to create the connection once, and that should be in function main, who then passes the connection to function save as follows:
def save(mydb, Id, modifiedData):
try:
sql = "INSERT INTO data (Id, modifiedData) VALUES (%s, %s)"
recordTuple = (Id, modifiedData)
mycursor = mydb.cursor()
mycursor.execute(sql,recordTuple)
mydb.commit()
print("Record inserted successfully into table")
except mysql.connector.Error as error:
print("Failed to insert into MySQL table {}".format(error))
def main():
try:
mydb = mysql.connector.connect(host="localhost",user="use",password="pass",database="data")
except mysql.connector.Error as error:
print("Failed to create connection: {}".format(error))
return
for row in csv:
#modify row
#creat Id
save(mydb, Id, modifiedData)
For perhaps even greater performance you can try executemany:
def save(mydb, modified_records):
try:
sql = "INSERT INTO data (Id, modifiedData) VALUES (%s, %s)"
mycursor = mydb.cursor()
mycursor.executemany(sql, modified_records)
mydb.commit()
print("Records inserted successfully into table")
except mysql.connector.Error as error:
print("Failed to insert into MySQL table {}".format(error))
def main():
try:
mydb = mysql.connector.connect(host="localhost",user="use",password="pass",database="data")
except mysql.connector.Error as error:
print("Failed to create connection: {}".format(error))
return
modified_records = []
for row in csv:
#modify row
#creat Id
modified_records.append([id, modifiedData])
save(mydb, modified_records)
So here is my code. I don't know why insert isn't working. A select statement works. It doesn't fail the try catch either leading me to believe the query is executing. Also entering the insert query manually into MySQL Workbench seems to work fine.
def runQuery(query):
try:
conn = mysql.connector.connect(host='localhost',
database='optionsdata',
user='python',
passwd='python')
cursor = conn.cursor()
cursor.execute(query)
conn.close()
cursor.close()
print(query)
except Error as e:
print("Error", e)
def convertDate(date_str):
date_object = datetime.datetime.strptime(date_str, '%m/%d/%Y').date()
return date_object
ticker = "MSFT"
html = urlopen("https://api.nasdaq.com/api/quote/" + ticker + "/option-chain?assetclass=stocks&todate=2020-05-08&fromdate=2020-04-07&limit=0").read().decode('utf-8')
optionsData = json.loads(html)
rows = optionsData["data"]["optionChainList"]["rows"]
for row in rows:
call = row["call"]
expiryDate = convertDate(call["expiryDate"])
query = "INSERT INTO `optionsdata`.`call` (`ticker`, `symbol`, `last`, `change`, `bid`, `ask`, `volume`, `openinterest`, `strike`, `expiryDate`, `grabTime`) VALUES ('{0}', '{1}', '{2}', '{3}', '{4}', '{5}', '{6}', '{7}', '{8}', '{9}', '{10}');".format(ticker, call["symbol"], call["last"], call["change"], call["bid"], call["ask"], call["volume"], call["openinterest"], call["strike"], expiryDate, datetime.datetime.now())
runQuery(query)
A sample of what an insert query looks like
INSERT INTO `optionsdata`.`call` (`ticker`, `symbol`, `last`, `change`, `bid`, `ask`, `volume`, `openinterest`, `strike`, `expiryDate`, `grabTime`) VALUES ('MSFT', '#MSFT 200508C00175000', '3.21', '-0.29', '2.80', '4.25', '54', '228', '175.00', '2020-05-08', '2020-04-09 19:39:22.554538');
This is a great question! I spent hours trying to figure this out a few weeks ago. It's tricky because after executing the query, you have to call
conn.commit()
to actually update the data. So change your runQuery function like this:
def runQuery(query):
try:
conn = mysql.connector.connect(host='localhost',
database='optionsdata',
user='python',
passwd='python')
cursor = conn.cursor()
cursor.execute(query)
conn.commit() # Added commit line
conn.close()
cursor.close()
print(query)
except Error as e:
print("Error", e)
See this doc page for more info.
I am trying to use Python to insert into MySQL database, but I have an auto-increment column (TeamID). I am using the lines below and it works like a charm. BUT I would like to not specify the TeamID in my Python script as it is an auto-increment
try:
cur.execute ("INSERT INTO teams values (%d, '%s', %d, '%s')" % (11,"Sevilla", 7, "Jorge Sampaoli"))
db.commit()
this works perfectly
How can I get rid of the first %d and 11 please? I want this value to be added automatically via the script
any help is very much appreciated
EDIT:
#!/usr/bin/python
import MySQLdb
db = MySQLdb.connect(host="localhost", # your host, usually localhost
user="username", # your username
passwd="password", # your password
db="dbname") # name of the data base
cur = db.cursor()
try:
cur.execute ("INSERT INTO teams values ('%s', %d, '%s')" % ("Sevilla", 7, "Jorge Sampaoli"))
db.commit()
except Exception as e:
print("Rolling back")
print(e)
db.rollback()
db.close()
Issue is now resolved
I did specify the column names but didn't notice I need to use %s for all columns including int values. As below:
cur.execute("INSERT INTO teams (TeamName, CountryID, TeamManager) values (%s,%s,%s)", ('Everton', 1, 'Ronald Koeman'))
Try
INSERT INTO teams (name, numb, player) VALUES ('%s', %d, '%s')
I.e.explicitly list columns.
Also PLEASE don't do it like this -- instead of doing '%s' you really need to use prepared statements,I think in Python it is something like:
cursor.execute("INSERT INTO teams (name, numb, player) VALUES (%s, %d, %s)", ['Sevilla', 7, 'John Smith'])
Read up on SQL injections.
import sqlite3
def insert_data(lVideoList, gate_id):
connection = sqlite3.connect('db.sqlite',
detect_types=sqlite3.PARSE_DECLTYPES |
sqlite3.PARSE_COLNAMES)
cursor = connection.cursor()
success = 200
# gateid = 1
default_value = 0
for gate_id in range(no_of_gate):
gate_id = i+1
for videofilename in lVideoList:
print("videofilename: ", videofilename)
insert_query = ("INSERT INTO dailyfootfall(csv_name, video_download, processed, footfall, send_status, "
"male_footfall, send_status_male, female_footfall, send_status_female, gate_id,outsiders, send_status_outsiders) "
"VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?)")
cursor.execute(insert_query,[videofilename, success, success, default_value, success, default_value,
success, default_value, success, gate_id, default_value, success])
print("Data Inserted Successfully !")
connection.commit()
cursor.close()
connection.close()
if __name__ == "__main__":
lVideoList = getCompleteVideoList("2022_01_24", "10:00", "22:00")
no_of_gate = 3
insert_data (lVideoList, gate_id)
print("default_value inserted!!!!")
I was told that writting directly to a cursor is a serious SQL vunlerability and anyone could easily dump my DB... How can I securely do SQL stuff?
import psycopg2
import web
urls = (
"/", "Index",
"/questlist", "Questlist"
)
web.config.debug = True
app = web.application(urls, globals())
render = web.template.render("templates/", base="layout")
con = psycopg2.connect(
database = "postgres",
user = "postgres",
password = "balloons",
port = "55210502147432"
)
class Index(object):
def __init__(self):
pass
def GET(self):
return render.index()
class Questlist(object):
def __init__(self):
pass
def GET(self):
try:
c = con.cursor()
c.execute("SELECT quest_title, quest_difficulty, quest_post FROM quest_list")
questlist = c.fetchall()
return render.quest(Quests = questlist)
except psycopg2.InternalError as e:
con.rollback()
print e
return "Session error"
return "wtf did u do,? u really busted her"
def POST(self):
form = web.input(quest_title="", quest_difficulty="", quest_post="")
if len(form.quest_title) + len(form.quest_difficulty) + len(form.quest_post) > 50:
return "Too many characters submitted"
try:
c = con.cursor()
c.execute("INSERT INTO quest_list (quest_title, quest_difficulty, quest_post) \
VALUES (%s, %s, %s)", (form.quest_title, form.quest_difficulty, form.quest_post))
con.commit()
except psycopg2.InternalError as e:
con.rollback()
print e
except psycopg2.DataError as e:
con.rollback()
print e
return "invalid data, you turkey"
return render.index()
if __name__ == "__main__":
app.run()
Here's the SQL im worried about:
c.execute("INSERT INTO quest_list (quest_title, quest_difficulty, quest_post) \
VALUES (%s, %s, %s)", (form.quest_title, form.quest_difficulty, form.quest_post))
here's the site right now that im using this on:
http://rpg.jeffk.org/questlist
feel free to try and break it
c.execute("INSERT INTO quest_list (quest_title, quest_difficulty, quest_post) \
VALUES (%s, %s, %s)", (form.quest_title, form.quest_difficulty, form.quest_post))
this is fine ... you are using the format strings that are built into python SQL libraries to avoid injection issues
c.execute("INSERT INTO quest_list(quest_title, quest_difficulty, quest_post)\
VALUES (%s, %s, %s)"%(form.quest_title, form.quest_difficulty, form.quest_post))
would be a potential security flaw as you are just using standard string formatting instead of the SQL mechanisms
when using standard string formatting consider the following user input
form.quest_post = "1);SELECT * FROM USERS;//"
this would allow them to dump your whole user table as it would get passed as
c.execute("INSERT INTO quest_list(quest_title,quest_dificulty,quest_post)\
VALUES (something_benign,something_else,1);SELECT * FROM USERS;//)")
which hopefully you can recognize as being a problematic statement ... or they could change your admin password or whatever ...