By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,606 Members | 2,016 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,606 IT Pros & Developers. It's quick & easy.

Problem with MySQL cursor

P: n/a
Hello,
I have a function that executes a SQL statement with MySQLdb:

def executeSQL(sql, *args):
print sql % args
cursor = conn.cursor()
cursor.execute(sql, args)
cursor.close()

it's called like that:

sql = "INSERT INTO %s (%s) VALUES (%s)"
executeSQL(sql, DOMAIN_TABLE, DOMAIN_FIELD, domainname)

The statement that is printed looks ok (missing quotes, but AFAIK
cursor.execute does that):

INSERT INTO domains (domain) VALUES (xgm.de)

but MySQL prints an error:

Traceback (most recent call last):
File "manage.py", line 90, in ?
addDomain(domainName)
File "manage.py", line 27, in addDomain
executeSQL(sql, DOMAIN_TABLE, DOMAIN_FIELD, domainname)
File "manage.py", line 22, in executeSQL
cursor.execute(sql, args)
File "/usr/lib/python2.4/site-packages/MySQLdb/cursors.py", line 163, in
execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py", line 35,
in defaulterrorhandler
raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for
the right syntax to use near ''domains' ('domain') VALUES ('xgm.de')' at
line 1")

I see the error: 2 opening quotes but only 1 closing around domains. But
where do they come from?

Note that there are no quotes at print sql % args.

Thanks,

Florian
Oct 11 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
On Thu, Oct 11, 2007 at 03:14:30PM +0200, Florian Lindner wrote regarding Problem with MySQL cursor:
>
Traceback (most recent call last):
File "manage.py", line 90, in ?
addDomain(domainName)
File "manage.py", line 27, in addDomain
executeSQL(sql, DOMAIN_TABLE, DOMAIN_FIELD, domainname)
File "manage.py", line 22, in executeSQL
cursor.execute(sql, args)
File "/usr/lib/python2.4/site-packages/MySQLdb/cursors.py", line 163, in
execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py", line 35,
in defaulterrorhandler
raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for
the right syntax to use near ''domains' ('domain') VALUES ('xgm.de')' at
line 1")

I see the error: 2 opening quotes but only 1 closing around domains. But
where do they come from?

Note that there are no quotes at print sql % args.
No, there are no double quote issues. The first quote is provided by the error message, and is paired with the quote after the closed parenthesis in ('xgm.de')'. It is not part of your SQL.

Cheers,
Cliff
Oct 11 '07 #2

P: n/a
Carsten Haese wrote:
On Fri, 2007-10-12 at 13:12 +0200, Florian Lindner wrote:
>Carsten Haese wrote:
sql = "INSERT INTO "+DOMAIN_TABLE+"("+DOMAIN_FIELD+") VALUES (%s)"
executeSQL(sql, domainname)

Ok, I understand it and now it works, but why is limitation? Why can't I
just the string interpolation in any playes and the cursor function
escapes any strings so that they can't do harm to my query?
[...]

Thanks for your good explanation!

Florian

Oct 12 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.