473,382 Members | 1,441 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > help with creating a mysql query string

Join Bytes to post your question to a community of 473,382 software developers and data experts.

help with creating a mysql query string

Hi,

I am trung to create a mysql query string that contais two variables, the
first holds a table name and the second holds the values as a tuple.**I
have tried the following however I can not work out how to get the format
right so the %s is subsituted with the contents of the variable, I think I
just have the quoting wrong, can anyone advise?

tablename contains the table I want to use
datavalue contains the data I want to use (contains multiple fields, we will
say 3 here for this example)

sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"

Any help appreciated

Thanks

Rigga
Jul 18 '05 #1
3 1808

"RiGGa" <ri***@hasnomail.com> wrote in message
news:3S*********************@stones.force9.net...
[snip]

sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"

[snip]

sqlquery = "INSERT INTO " + tablename + " values(%s,%s,%s)"%datavalue
Jul 18 '05 #2
On Sun, Jun 27, 2004 at 07:58:09 -0400, Sean Ross wrote:

"RiGGa" <ri***@hasnomail.com> wrote in message
news:3S*********************@stones.force9.net...
[snip]

sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"

[snip]

sqlquery = "INSERT INTO " + tablename + " values(%s,%s,%s)"%datavalue


Rather do something like:

sqlquery = "INSERT INTO %s values(%%s,%%s,%%s)" % tablename
cursor.execute(sqlquery, datavalue)

The other way allows datavalue to contain arbitrary SQL that will be
executed, which can be a nasty security hole depending on where the
value comes from.
--
mithrandi, i Ainil en-Balandor, a faer Ambar

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA3szIpNuXDQIV94oRAquQAJ0eD+g7vtxvkbMIzFB8x4 VFXtiRrQCfeVhC
HH9fqz1cODLuoB3RmFQoVTQ=
=cGqG
-----END PGP SIGNATURE-----

Jul 18 '05 #3
On Sun, Jun 27, 2004 at 07:58:09 -0400, Sean Ross wrote:

"RiGGa" <ri***@hasnomail.com> wrote in message
news:3S*********************@stones.force9.net...
[snip]

sqlquery = "INSERT INTO %s", tablename + " values(%s,%s,%s)", datavalue"

[snip]

sqlquery = "INSERT INTO " + tablename + " values(%s,%s,%s)"%datavalue


Rather do something like:

sqlquery = "INSERT INTO %s values(%%s,%%s,%%s)" % tablename
cursor.execute(sqlquery, datavalue)

The other way allows datavalue to contain arbitrary SQL that will be
executed, which can be a nasty security hole depending on where the
value comes from.
--
mithrandi, i Ainil en-Balandor, a faer Ambar

Jul 18 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
Access 2000: how to create a query based on a form parameter -- Please HELP!!
by: sheree | last post by:
I would like to create a query where one of the columns of the queries comes from a combo list box on a form. For example, if my table has the following fields: id name interest1 interest2...
Microsoft Access / VBA
0
VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help
by: gunimpi | last post by:
http://www.vbforums.com/showthread.php?p=2745431#post2745431 ******************************************************** VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help wanted...
Microsoft Access / VBA
3
Help with CGI functions on python.
by: cuties | last post by:
Hi all.... i'm very new to this programming language. i'm required to fulfill this task in the company i'm doing my practical. i hope i can get guide for my problem... Here is the script i...
Python
5
Lost - Please help with a query
by: deaconj999 | last post by:
Hi, I have nearly finished my database and I would like to add a query that uses a combo box to get the results, not the usual paramater style input. I suppose it would need a form and a query...
Microsoft Access / VBA
17
Motoma
Creating a Data Abstraction Layer in PHP
by: Motoma | last post by:
This article is cross posted from my personal blog. You can find the original article, in all its splendor, at http://motomastyle.com/creating-a-mysql-data-abstraction-layer-in-php/. Introduction:...
PHP
2
Java Servlet Problem. Help anyone?
by: dmstn | last post by:
Hey! I've got a little problem. I have to make a web site for a university essay. I curently have to create a search engine. Users can enter a hotel name in a search bar and results have to appear in...
Java
3
OOP help
by: fantomel | last post by:
<?php /* Create the mysql class_exists */ class mysql {
PHP
1
PLEASE HELP ON THIS... Creating a class...
by: DarkGiank | last post by:
Hi, im new to csharp and im trying to create a class that can change the application database without no rewriting all connection code... but cause some reason it is not working... it tells me that...
C# / C Sharp
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!