473,288 Members | 1,693 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,288 software developers and data experts.

Help formatting a mysql query string

Hi,

I am trung to create a mysql query string that contais two variables, the
first holds a table name and the second holds the values as a tuple. I
have tried the following however I can not work out how to get the format
right so the %s is subsituted with the contents of the variable, I think I
just have the quoting wrong, can anyone advise?

tablename contains the table I want to use
datavalue contains the data I want to use (contains multiple fields, we will
say 3 here for this example)

sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"

Any help appreciated

Thanks

Rigga
Jul 18 '05 #1
3 4971
sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"


- what are the "," doing here if you are trying to build a string ?
- you should use the python povided way which is better (yours looks like
php)

cursor.execute( "INSERT INTO %(tb)s VALUES(%(a)s,%(b)s,%(c)s)",
{ 'tb':tablename, 'a':first data, 'b':second data, etc... }
Jul 18 '05 #2
Pierre-Frédéric Caillaud wrote:
sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"

- what are the "," doing here if you are trying to build a string ?
- you should use the python povided way which is better (yours looks
like php)

cursor.execute( "INSERT INTO %(tb)s VALUES(%(a)s,%(b)s,%(c)s)", {
'tb':tablename, 'a':first data, 'b':second data, etc... }


Better still, create the query string with the right table name in it
and parameter markers for the data:

sqlquery = "INSERT INTO %s VALUES (%%s, %%s, %%s)" % tablename

Supposing tablename is "customer" this gives

"INSERT INTO customer VALUES (%s, %s, %s)"

Then you can use the parameter substitution mechanism of the DB API to
insert your data in there. Suppose datavalue is ("Steve", "Holden", 85)
then you would do

cursor.execute(sqlquery, datavalue)

The problem with building the data portion of the statement is having to
put the single quotes in around strings and escape any single quotes
that might occur in the values you present. It's much easier to use the
parameter substitution mechanism, even though that *can't* be used to
change a table name in most SQL implementations.

I've assumed for the sake of argument that you're using MySQLdb, which
uses the "%s" paramstyle. mxODBC, for example, you'd use the "?" style,
which makes building statements rather easier.

One final comment: it's much safer to use the column names in INSERT, as in

INSERT INTO customer (First, Last, age)
VALUES ('Steve', 'Holden', 95)

because that isolates you from a change in the column ordering, which
can happen during database reorganizations when you insert a new column
without thinking about the consequences. Just paranoia induced by years
of experience, and therefore often effort-saving.

regards
Steve
Jul 18 '05 #3
Steve Holden wrote:
Pierre-Frédéric Caillaud wrote:
sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"

- what are the "," doing here if you are trying to build a string ?
- you should use the python povided way which is better (yours looks
like php)

cursor.execute( "INSERT INTO %(tb)s VALUES(%(a)s,%(b)s,%(c)s)", {
'tb':tablename, 'a':first data, 'b':second data, etc... }


Better still, create the query string with the right table name in it
and parameter markers for the data:

sqlquery = "INSERT INTO %s VALUES (%%s, %%s, %%s)" % tablename

Supposing tablename is "customer" this gives

"INSERT INTO customer VALUES (%s, %s, %s)"

Then you can use the parameter substitution mechanism of the DB API to
insert your data in there. Suppose datavalue is ("Steve", "Holden", 85)
then you would do

cursor.execute(sqlquery, datavalue)

The problem with building the data portion of the statement is having to
put the single quotes in around strings and escape any single quotes
that might occur in the values you present. It's much easier to use the
parameter substitution mechanism, even though that *can't* be used to
change a table name in most SQL implementations.

I've assumed for the sake of argument that you're using MySQLdb, which
uses the "%s" paramstyle. mxODBC, for example, you'd use the "?" style,
which makes building statements rather easier.

One final comment: it's much safer to use the column names in INSERT, as
in

INSERT INTO customer (First, Last, age)
VALUES ('Steve', 'Holden', 95)

because that isolates you from a change in the column ordering, which
can happen during database reorganizations when you insert a new column
without thinking about the consequences. Just paranoia induced by years
of experience, and therefore often effort-saving.

regards
Steve

Thanks for the help, sorry I posted this twice, my news reader was not
showing the original post so i resubmitted it. I normally work with php
thats why I was trying to build it as a string. I now see how I can load
the data values from my variables, however is the same possible for the
fields? I know you say its best to specify the column names etc however my
script is parsing a web page and getting the field headings (which will
stay the same), data and table name so I wanted to make the script handle
all this rather than having to have a seperate cursor.execute() for each
table I want to update - does this make sense?

Regards

Rigga
Jul 18 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
by: Kamil | last post by:
i dont know what i'm doing wrong i'm trying to get all the fields from a specific row by user name i'm using php and i got the connection string down and i made a query like this: $query =...
1
by: iksrazal | last post by:
Hi all, I've been struggling to make this command work from Java: /usr/bin/mysql c4 --user=root --password=mypass -e "source /home/crissilva/c4.sql" Works fine as shown when run from the...
6
by: sheree | last post by:
I would like to create a query where one of the columns of the queries comes from a combo list box on a form. For example, if my table has the following fields: id name interest1 interest2...
1
by: Joe | last post by:
Hello All, I am trying to insert a record in the MS Access DB and for some reason I cannot get rid of error message, System.Data.OleDb.OleDbException: Syntax error in INSERT INTO statement. ...
0
by: gunimpi | last post by:
http://www.vbforums.com/showthread.php?p=2745431#post2745431 ******************************************************** VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help wanted...
5
by: deaconj999 | last post by:
Hi, I have nearly finished my database and I would like to add a query that uses a combo box to get the results, not the usual paramater style input. I suppose it would need a form and a query...
2
by: dmstn | last post by:
Hey! I've got a little problem. I have to make a web site for a university essay. I curently have to create a search engine. Users can enter a hotel name in a search bar and results have to appear in...
3
by: fantomel | last post by:
<?php /* Create the mysql class_exists */ class mysql {
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: marcoviolo | last post by:
Dear all, I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.