Develop Reference

Insert list into mysql using python - Not all parameters were used in the SQL statement

I'm trying to insert a list into multiple columns in a mysql database.
But I keep getting this error: "Not all parameters were used in the SQL statement"
I'm new to this, but as I understand it, I'm supposed to use question marks in the statement to avoid SQL Injections.
This is the script:
import mysql.connector
wlcdb = mysql.connector.connect(
host="fqdn-server",
user="db-user",
password="sure",
database="cisco_wlc")
sqlcursor = wlcdb.cursor()
liste = ['3HETF3WP', 'DHP4QB6B', 'TQDAEPRY', 'Q7GFC2A6', 'DVXD3PXX']
params = ['?' for item in liste]
print (params)
sql = 'INSERT INTO wlc_mpsk (field0, field1, field2, field3, field4) VALUES (%s);' % ','.join(params)
print (sql)
sqlcursor.execute(sql, liste)
And when executing, the error comes:
mysql.connector.errors.ProgrammingError: Not all parameters were used in the SQL statement
Can anyone help me?
Thank you

The code below will work:
sqlcursor = wlcdb.cursor()
liste = ['3HETF3WP', 'DHP4QB6B', 'TQDAEPRY', 'Q7GFC2A6', 'DVXD3PXX']
sql = 'INSERT INTO wlc_mpsk (field0, field1, field2, field3, field4) VALUES (%s, %s, %s, %s, %s)'
sqlcursor.execute(sql, liste)
wlcdb.commit()

liste = ['3HETF3WP', 'DHP4QB6B', 'TQDAEPRY', 'Q7GFC2A6', 'DVXD3PXX']
sql = "INSERT INTO wlc_mpsk (field0, field1, field2, field3, field4) VALUES (%s);" % ("'"+"','".join(liste)+"'")
print(sql)
It's easier if you write this

I've been tried to insert a record to sql table using tkinter with entry widget, but i got an sql syntax error

This is my update:
def submit():
nama = Nama.get()
tgl_lahir = tgl_Lahir.get()
alamat = Alamat.get()
no_telp = No_telp.get()
insert = (nama,tgl_lahir,alamat,no_telp)
#connect to database
db = pymysql.connect(db="db_petugas", host="localhost", passwd="", user="root")
#prepare cursor
cur = db.cursor()
#insert into petugas table
sql = "INSERT INTO petugas VALUES ("",%s, %s, %s, %s);"
#execute sql code
cur.execute(sql, insert)
db.commit()
db.close()
#delete the entry
Nama.delete(0, END)
tgl_Lahir.delete(0, END)
Alamat.delete(0, END)
No_telp.delete(0, END)
This is error what i got:
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''Vanes', '1 June 2003', 'Grand Hill 23', '091293812030')' at line 1")

It is not safe to use concatenation with sql queries through python as it is vulnerable to sql injection. I recommend trying out to use placeholder(%s) and parametric substitution, like:
sql = "INSERT INTO petugas VALUES (NULL, %s, %s, %s);" #Using placeholders
# execute sql code
cur.execute(sql,insert) #substituting the tuple as a parameter
db.commit()
db.close()
Hope this cleared your error, do let me know if any doubts.
Cheers

Fix %s sql query in python

Python refuses to execute an sql query
I want to execute an insert sql query with python language in Pycharm.
An error is launched after executing the code below:
import mysql.connector
stock = mysql.connector.connect(
host="localhost",
user="root",
passwd="admin2020",
database="stock"
)
sql = "INSERT INTO produit(code, nom, prix_unitaire, tva, quantite) VALUES(%s,%s,%f,%f,%d)"
valeurs = ("LAM","lampe",0.9,0.19,10)
mycursor = stock.cursor()
mycursor.execute(sql, valeurs)
The error message is:
mysql.connector.errors.ProgrammingError: Not all parameters were used in the SQL statement

You're confusing %s used as a parameter marker for a query, and %s (%d, %f, etc) used in Python string formatting. In your queries you should use just %s, the database driver will format the query for you:
sql = ("INSERT INTO produit(code, nom, prix_unitaire, tva, quantite) "
"VALUES (%s, %s, %s, %s, %s)")
valeurs = ("LAM", "lampe", 0.9, 0.19, 10)
mycursor.execute(sql, valeurs)

Try this one
sql = "INSERT INTO produit(code, nom, prix_unitaire, tva, quantite) VALUES(%s,%s,%f,%f,%d)"%("LAM","lampe",0.9,0.19,10)
mycursor = stock.cursor()
mycursor.execute(sql)

importing values of a python dictionary as data to an existing mysql table

I have problem with storing values of a python dictionary as data to an existing mysql table
I tried to use the code below but it's not working.
db = mysql.connect(
host="localhost",
user="root",
passwd="123456",
database="tgdb"
)
cursor = db.cursor()
val = ', '.join("'" + str(x) + "'" for x in dict.values())
sql = "INSERT INTO tgdb.channel(user_name, image_url, name,
number_of_members, description, channel_url) VALUES (%s, %s, %s, %s, %s,
%s)"
cursor.execute(sql, val)
db.commit()
print(cursor.rowcount, "record inserted.")
"you have an error in your SQL syntax"

As writed #Torxed shouldn't translate dict in string, you can write just that:
cursor.execute(sql, list(dict.values())

SQLite3 and python not inserting rows

I'm trying to insert a row into my table. I've been following the documentation here: https://docs.python.org/2/library/sqlite3.html I get the error: sqlite3.OperationalError: no such column: asd. asd is the value i entered for scholarship name. Heres my code:
conn = sqlite3.connect('pathfinder.db')
c = conn.cursor()
c.execute("INSERT INTO %s VALUES (%s, %s, %s, %s, %s, %s, %s)" % (table, request.form['scholarship_name'],request.form['scholarship_gpa'],request.form['scholarship_amount'], "Male",request.form['specific_essay'], "[]","[]"))

Consider parameterization which is advised in the very link you are following:
# Never do this -- insecure!
symbol = 'RHAT'
c.execute("SELECT * FROM stocks WHERE symbol = '%s'" % symbol)
String interpolated SQL statements especially with user input from flask requests can potentially be dangerous to your database. Therefore, consider using the second argument of execute that binds values to placeholders, ?, in prepared statement.
# PREPARED STATEMENT
sql = "INSERT INTO {} VALUES (?, ?, ?, ?, ?, ?, ?)".format(table)
# QUERY EXECUTION
c.execute(sql, (request.form['scholarship_name'],
request.form['scholarship_gpa'],
request.form['scholarship_amount'],
"Male",
request.form['specific_essay'],
"[]",
"[]")
)