sorry if you consider as repost, quite simple code and i suspect also a trivial error here, but can't move forward:
import whois
import MySQLdb
db = MySQLdb.connect(host="localhost", user="root", passwd="pass", db="whois")
cur = db.cursor()
wi = whois.whois("google.com")
cur.execute("""INSERT INTO wrec (dname, wfull, dns) VALUES (%s, %s, %s)""") , (wi.domain_name, wi.text, wi.name_servers)
ends up in:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s, %s, %s)' at line 1")
as said, suspecting trivial error. any suggestions? thanks a lot in advance
You placed the fetched Whois variables outside the execute function!
Change:
cur.execute("""INSERT INTO wrec (dname, wfull, dns) VALUES (%s, %s, %s)""") , (wi.domain_name, wi.text, wi.name_servers)
To:
cur.execute("""INSERT INTO wrec (dname, wfull, dns) VALUES (%s, %s, %s)""", (wi.domain_name, wi.text, wi.name_servers))
Edit:
And don't forget to add:
db.commit()
at the end of the script.
Related
I'm struggling to insert or retrive data from database I tried and I watched many tutorials but every time it stops in cur.execute(). i found problem is in the value like self.FirstNmae.text() funtion stop here
def SignupFunction(self):
try:
connection = pymysql.connect(host=cr.host, user=cr.user, password=cr.password, database=cr.database)
cur = connection.cursor()
cur.execute("insert into users (FirstNmae , LastName, Email,Password , Confirm_Paswword ,Answer) value( %s, %s, %s, %s, %s, %s)",
(
self.FirstNmae.text(),
self.LastName.text(),
self.Email.text(),
self.Password.text(),
self.Confirm_Paswword.text(),
self.Answer.text()
))
connection.commit()
connection.close()
self.labelResult.setText("Data Inserted ")
except Exception as e:
self.labelResult.setText("Error Inserting Data")
hello friend i'm not able to comment so i will post as answer from your code you are a new developer , your function is good there are no problem in it i think that the problem is in you database look at the database if you are missed something or you mess write attributes like FirstNmae
I am having difficulties connecting to a MySQL database using Python 2.7. The error I'm getting is
ProgrammingError: 1045 (28000): Access denied for user
'tommyan'#'localhost' (using password: YES)
I know similar questions exist, but none of those were helpful to me. My code is below, thanks in advance.
import mysql.connector
mydb = mysql.connector.connect(
host="127.0.0.1",
user="tommyan",
passwd="######",
database="mydatabase"
)
mycursor = mbdb.cursor()
sql = "INSERT INTO places (name, desc) VALUES (%s, %s)"
val = ("Natinal gallery", "Housing masterpieces by painters including van Gogh,
Renoir, da Vinci and Michelangelo")
mycursor.execute(sql, val)
mydb.commit()
print(mycursor.rowcount, "record inserted.")
I am trying solve problem with quotes in my sql queries. I know that many questions were asked on stackoverflow. But no one worked for me. May be because I am using other framework (pyMySQL) for sql connection. I tried parameterized mysql query:
conn = pymysql.connect(host ='host', user='user', passwd='user', db='db', charset='utf8mb4')
cur = conn.cursor()
cur.execute("USE db")
cur.execute("UPDATE table SET callback_data = %s, message = %s, photo = %s, location = %s, first_name_last_name = %s WHERE user_id=%s",
(callback_data, message, photo, location, first_name_last_name, user_id))
cur.connection.commit()
cur.close()
conn.close()
But I always get error with %s (error message: expected, got %s). My python version is 3.6.1. How I can escape quotes in my sql query? Thanks.
First, as Ilja sayed you have to use backticks for mysql reserved words.
Then for text/varchar fields you can use json dumps:
import json
[...]
cur.execute("UPDATE `table` SET callback_data = %s, message = %s, photo = %s, location = %s, first_name_last_name = %s WHERE user_id=%s", % (
json.dumps(callback_data),
json.dumps(message),
json.dumps(photo),
json.dumps(location),
json.dumps(first_name_last_name),
json.dumps(user_id)
)
I have a syntax error in my python which which stops MySQLdb from inserting into my database. The SQL insert is below.
cursor.execute("INSERT INTO %s (description, url) VALUES (%s, %s);", (table_name.encode("utf-8"), key.encode("utf-8"), data[key].encode("utf-8")))
I get the following error in my stack trace.
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your
SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near ''four' (description, url) VALUES ('', 'http://imgur.com/a/V8sdH')' at line 1")
I would really appreciate assistance as I cannot figure this out.
EDIT:
Fixed it with the following line:
cursor.execute("INSERT INTO " + table_name + " (description, url) VALUES (%s, %s);", (key.encode("utf-8"), data[key].encode("utf-8")))
Not the most sophisticated, but I hope to use it as a jumping off point.
It looks like this is your SQL statement:
cursor.execute("INSERT INTO %s (description, url) VALUES (%s, %s);", (table_name.encode("utf-8"), key.encode("utf-8"), data[key].encode("utf-8")))
IIRC, the name of the table is not able to be parameterized (because it gets quoted improperly). You'll need to inject that into the string some other way (preferably safely -- by checking that the table name requested matches a whitelisted set of table names)... e.g.:
_TABLE_NAME_WHITELIST = frozenset(['four'])
...
if table_name not in _TABLE_NAME_WHITELIST:
raise Exception('Probably better to define a specific exception for this...')
cursor.execute("INSERT INTO {table_name} (description, url) VALUES (%s, %s);".format(table_name=table_name),
(table_name.encode("utf-8"),
key.encode("utf-8"),
data[key].encode("utf-8")))
I am using mariaDB(Ver 15.1 Distrib 10.0.17-MariaDB, for osx10.10 (x86_64)) and mysqlclient==1.3.6.
I just want to insert a string into a varcharfield.
import MySQLdb
import json
conn = MySQLdb.connect(
host='localhost',
port=3306,
user='root',
passwd='',
db='ng')
cur = conn.cursor()
cur.execute(INSERT INTO `current_table` (`id`, `name`) VALUES (NULL, '{name}');".format(name="Lily' dog"))
conn.commit()
but I always got a error like this:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's dog', NULL)' at line 1")
what should I do if I want to insert quotation mark by mysql-client?
According to Amadan's comment, in bobby-tables(the site for preventing SQL injections), it suggest:
Using the Python DB API, don't do this:
Do NOT do it this way:
cmd = "update people set name='%s' where id='%s'" % (name, id)
curs.execute(cmd)
Instead, do this:
cmd = "update people set name=%s where id=%s"
curs.execute(cmd, (name, id))
so in my situation, just modify the execute line to :
cmd = "INSERT INTO `current_table` (`id`, `name`) VALUES (NULL, %s);"
cur.execute(cmd, ("Lily's dog"))
and this can avoid the error which quotation mark leads to.