I'm trying to insert dict values into database. But i'm getting error .here is my dictionary. I'm using this code .
`cols = filter_dict.keys()
vals = filter_dict.values()
("INSERT INTO table (%s) VALUES (%s)", [cols, vals])
`
When I only print this query ("INSERT INTO table (%s) VALUES (%s)", [cols, vals]).
I'm getting following output.
('INSERT INTO table (%s) VALUES (%s)', [['cinematography', 'name', 'producer', 'caption', 'studio', 'editing'], ['Venkat Prasad', '100% Love', 'Bunny Vasu', '', '100% Love Poster.jpg', 'Chandra Sekhar T Ramesh,Hari Prasad']])
But When I execute this query I"m getting strange output.
the manual that corresponds to your MySQL server version for the right syntax to use near \'table (("\'cinematography\'", "\'name\
Why execute query adding `\' to each columns?? Can any one help me? thanks
The backslashes are likely due to your debugger. Are you running your code in the interactive prompt?
Anyway, the actual problems are:
table is a reserved word. You should put table in backticks.
If your table contains more than one column, you need to have multiple %s and multiple values.
For example:
"INSERT INTO `table` (%s, %s, &s) VALUES (%s, %s, %s)"
You will also need to change (cols, vals) to list the individual values.
(cols[0], cols[1], cols[2] , vals[0], vals[1], vals[2])
I'd also strongly suggest that you try to find a better name for your table, preferably one that:
1) describes what sort of data the table contains and
2) isn't a reserved word
Related
sql = """INSERT INTO (Product_details) VALUES (%s, %s, %s, %s, %s, %s)"""
val = [name, Spec ,Ratings ,Delivery ,Discount ,Price ] # list of data into list
for values in val: #loping the variables in the list and adding it to database
engine.execute(sql, values)
It looks like you're using Python - Try ? instead of %s - sometimes the parameter marker is not what you would expect it to be so do check which one you need to use for the language you're embedding the SQL in
I am attempting to write into MySQL Table that was created using phpMyAdmin. I keep recieving the same error.
This is my code:
import pymysql
connection=pymysql.connect(user='root',password='', host='localhost',database='ProjDB')
cursor = connection.cursor()
sql = "INSERT INTO 'userdata' ('FName','LName','UserName','Pword') VALUES (%s, %s, %s, %s)"
cursor.execute(sql, ('XXXX','XXX','XXXX','XXXX'))
connection.commit()
The following line your code has some errors:
sql = "INSERT INTO 'userdata' ('FName','LName','UserName','Pword') VALUES (%s, %s, %s, %s)"
Your table name has single quote added to it. sql treats it as a string instead of table name.
The column names also are facing the same issue.
The values should be enclosed in single quotes as when formatting it via string the values are placed exactly as the string is without single quotes.
example to explain it more clearly:
your current code formats the VALUES as :
sql = "INSERT INTO 'userdata' ('FName','LName','UserName','Pword') VALUES ( XXXX, XXX, XXXX, XXXX)"
But your columns are of type varchar so they should be enclosed in single quotes.
change that query by removing the single quotes from table name and column names and add single quotes to the values.
sql = "INSERT INTO userdata (FName,LName,UserName,Pword) VALUES ('%s', '%s', '%s', '%s')"
cursor.execute(sql % ('XXXX','XXX','XXXX','XXXX'))
The Final formatted sql query will look like
INSERT INTO userdata (FName,LName,UserName,Pword) VALUES ('XXXX','XXX','XXXX','XXXX')
This is the first time for me to use pymysql cursor execute.
I have two executes;
The first one is:
sql = 'create table if not exists currency(t integer primary key, prediction real default null, realVal real default null)'
cursor.execute(sql)
This works perfectly.
The second one is:
data = [(1, 12.5), (2, 10.2)]
sql = 'insert into currency(t, prediction) values(%s, %s) on duplicate key update values prediction=values(prediction)'
cursor.execute(sql, data)
The issue arises here.
"TypeError: not all arguments converted during string formatting"
I have no idea why this happens. Anybody help me.
Thanks.
everyone.
This is Mykola. I need to spend several days to fix this problem and finally figure out the answer.
This error only appears when I use ON DUPLICATE KEY UPDATE.
Actually there is no syntax or logic error.
This is just a bug in MySQLdb which is located in usr/lib/pymodules/python2.7/MySQLdb/cursors.py:
restr = (r"\svalues\s*"
r"(\(((?<!\\)'[^\)]*?\)[^\)]*(?<!\\)?'"
r"|[^\(\)]|"
r"(?:\([^\)]*\))"
r")+\))")
insert_values= re.compile(restr)
To overcome this problem I have used two SQL clauses below.
sql = 'insert into currency(t, prediction) select %s, %s where not exists(select * from currency where t=%s)'
cursor.execute(sql, (1, 10, 1))
sql = 'update currency set prediction=%s where t=%s'
cursor.execute(sql, (12.5, 1))
If someone could make it better, please share.
Thanks.
Your second statement has a syntax error. The second word "values" in your query was too much.
insert into currency(t, prediction) values(%s, %s)
on duplicate key update prediction=values(prediction)
Furthermore use cursor.executemany() to insert multiple entries instead of execute().
So the complete code for the second query should be:
data = [(1, 12.5), (2, 10.2)]
sql = 'insert into currency(t, prediction) values(%s, %s) on duplicate key update prediction=values(prediction)'
cursor.executemany(sql, data)
i try to insert values from a dictionary to a postgres DB via SQL Insert Statement.
Host Language is Python.
First i only used VARCHAR Datytype and transformed the values like this
insert_query = 'INSERT INTO tweets VALUES (%s, %s)'
for tweet in tweets:
engine.execute(insert_query, (tweet['username'], tweet['text'])
In the next step i also need numeric values for "followers_count" (e.g. 2345) and "sentiment_score" (e.g. 0.654)
Is there something like %f (for transform to float) or another way to do this properly?
Try this:
insert_query = 'INSERT INTO tweets VALUES (%s, %s, %f, %.2f)'
for tweet in tweets:
engine.execute(insert_query, (tweet['username'], tweet['text'], tweet['floatval'], tweet['double_decimal_floatval'])
This might be a rather silly question but what am I doing wrong here? It creates the table but the INSERT INTO doesn't work, I guess I'm doing something wrong with the placeholders?
conn = psycopg2.connect("dbname=postgres user=postgres")
cur = conn.cursor()
escaped_name = "TOUR_2"
cur.execute('CREATE TABLE %s(id serial PRIMARY KEY, day date, elapsed_time varchar, net_time varchar, length float, average_speed float, geometry GEOMETRY);' % escaped_name)
cur.execute('INSERT INTO %s (day,elapsed_time, net_time, length, average_speed, geometry) VALUES (%s, %s, %s, %s, %s, %s)', (escaped_name, day ,time_length, time_length_net, length_km, avg_speed, myLine_ppy))
conn.commit()
cur.close()
conn.close()
The INSERT INTO call doesn't work, it gives me
cur.execute('INSERT INTO %s (day,elapsed_time, net_time, length, average_speed,
geometry) VALUES (%s, %s, %s, %s, %s, %s)'% (escaped_name, day ,time_length,
time_length_net, length_km, avg_speed, myLine_ppy))
psycopg2.ProgrammingError: syntax error at or near ":"
LINE 1: ...h, average_speed, geometry) VALUES (2013/09/01 , 2:56:59, 02...
Can someone help me on this one? Thanks a bunch!
You are using Python string formatting and this is a Very Bad Idea (TM). Think SQL-injection. The right way to do it is to use bound variables:
cur.execute('INSERT INTO %s (day, elapsed_time, net_time, length, average_speed, geometry) VALUES (%s, %s, %s, %s, %s, %s)', (escaped_name, day, time_length, time_length_net, length_km, avg_speed, myLine_ppy))
where the tuple of parameters is given as second argument to execute(). Also you don't need to escape any value, psycopg2 will do the escaping for you. In this particular case is also suggested to not pass the table name in a variable (escaped_name) but to embed it in the query string: psycopg2 doesn't know how to quote table and column names, only values.
See psycopg2 documentation:
https://www.psycopg.org/docs/usage.html#passing-parameters-to-sql-queries
If you want to programmatically generate the SQL statement, the customary way is to use Python formatting for the statement and variable binding for the arguments. For example, if you have the table name in escaped_name you can do:
query = "INSERT INTO %s (col1, ...) VALUES (%%s, ...)" % escaped_name
curs.execute(query, args_tuple)
Obviously, to use placeholders in your query you need to quote any % that introduce a bound argument in the first format.
Note that this is safe if and only if escaped_name is generated by your code ignoring any external input (for example a table base name and a counter) but it is at risk of SQL injection if you use data provided by the user.
To expand on #Matt's answer, placeholders do not work for identifiers like table names because the name will be quoted as a string value and result in invalid syntax.
If you want to generate such a query dynamically, you can use the referred to pyscopg2.sql module:
from psycopg2.sql import Identifier, SQL
cur.execute(SQL("INSERT INTO {} VALUES (%s)").format(Identifier('my_table')), (10,))
As of psycopg2 v2.7 there is a supported way to do this: see the psycopg2.sql docs.