pymysql return error SQL syntax

Question

On py3, i use pymysql module for connecting to MySQL.

i write function into Database() class like this where MySQLi run on constructor:

def add_user_to_database(self, id, first_name, last_name, username, lang_code):
    with self.MySQLi.cursor() as cursor:
        cursor.execute('INSERT INTO users (id, first_name, last_name, username, language_code) VALUES ({0}, {1}, {2}, {3}, {4})'.format(id, first_name, last_name, username, lang_code))
    connection.commit()

after i run py database.php it show this error :( :

    raise errorclass(errno, errval)
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' sepwhrr, en)' at line 1")

Don't use string interpolation to build SQL.

Daniel Roseman
– Daniel Roseman

2017-12-09 17:06:52 +00:00
Commented Dec 9, 2017 at 17:06 — Daniel Roseman
– Daniel Roseman, Commented Dec 9, 2017 at 17:06
So use what? @DanielRoseman

sephrrr
– sephrrr

2017-12-09 17:08:08 +00:00
Commented Dec 9, 2017 at 17:08 — sephrrr
– sephrrr, Commented Dec 9, 2017 at 17:08

bakkal · Accepted Answer · 2017-12-09 18:32:08Z

2

When you build a query with string interpolation, you can get escape/quoiting issues, however it's easy to use a parametrised query:

sql = "INSERT INTO `users` (`id`, `first_name`) VALUES (%s, %s)"
cursor.execute(sql, (id, first_name)

answered Dec 9, 2017 at 18:32

bakkal

55.6k12 gold badges136 silver badges113 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

pymysql return error SQL syntax

1 Answer 1

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Linked

Related