471,354 Members | 1,472 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,354 software developers and data experts.

Problem with MySQL cursor

Hello,
I have a function that executes a SQL statement with MySQLdb:

def executeSQL(sql, *args):
print sql % args
cursor = conn.cursor()
cursor.execute(sql, args)
cursor.close()

it's called like that:

sql = "INSERT INTO %s (%s) VALUES (%s)"
executeSQL(sql, DOMAIN_TABLE, DOMAIN_FIELD, domainname)

The statement that is printed looks ok (missing quotes, but AFAIK
cursor.execute does that):

INSERT INTO domains (domain) VALUES (xgm.de)

but MySQL prints an error:

Traceback (most recent call last):
File "manage.py", line 90, in ?
addDomain(domainName)
File "manage.py", line 27, in addDomain
executeSQL(sql, DOMAIN_TABLE, DOMAIN_FIELD, domainname)
File "manage.py", line 22, in executeSQL
cursor.execute(sql, args)
File "/usr/lib/python2.4/site-packages/MySQLdb/cursors.py", line 163, in
execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py", line 35,
in defaulterrorhandler
raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for
the right syntax to use near ''domains' ('domain') VALUES ('xgm.de')' at
line 1")

I see the error: 2 opening quotes but only 1 closing around domains. But
where do they come from?

Note that there are no quotes at print sql % args.

Thanks,

Florian
Oct 11 '07 #1
2 2156
On Thu, Oct 11, 2007 at 03:14:30PM +0200, Florian Lindner wrote regarding Problem with MySQL cursor:
>
Traceback (most recent call last):
File "manage.py", line 90, in ?
addDomain(domainName)
File "manage.py", line 27, in addDomain
executeSQL(sql, DOMAIN_TABLE, DOMAIN_FIELD, domainname)
File "manage.py", line 22, in executeSQL
cursor.execute(sql, args)
File "/usr/lib/python2.4/site-packages/MySQLdb/cursors.py", line 163, in
execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py", line 35,
in defaulterrorhandler
raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for
the right syntax to use near ''domains' ('domain') VALUES ('xgm.de')' at
line 1")

I see the error: 2 opening quotes but only 1 closing around domains. But
where do they come from?

Note that there are no quotes at print sql % args.
No, there are no double quote issues. The first quote is provided by the error message, and is paired with the quote after the closed parenthesis in ('xgm.de')'. It is not part of your SQL.

Cheers,
Cliff
Oct 11 '07 #2
Carsten Haese wrote:
On Fri, 2007-10-12 at 13:12 +0200, Florian Lindner wrote:
>Carsten Haese wrote:
sql = "INSERT INTO "+DOMAIN_TABLE+"("+DOMAIN_FIELD+") VALUES (%s)"
executeSQL(sql, domainname)

Ok, I understand it and now it works, but why is limitation? Why can't I
just the string interpolation in any playes and the cursor function
escapes any strings so that they can't do harm to my query?
[...]

Thanks for your good explanation!

Florian

Oct 12 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by grumfish | last post: by
3 posts views Thread by David Mitchell | last post: by
reply views Thread by Daniel Crespo | last post: by
3 posts views Thread by cnplnsk | last post: by
2 posts views Thread by Florian Lindner | last post: by
3 posts views Thread by len | last post: by
reply views Thread by Edwin.Madari | last post: by
reply views Thread by XIAOLAOHU | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.