StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>You are just calling the DB API in an incrorrect form, If you substitute your parameters like that, you would be responsible for escaping quotes and double-quotes in your data yourself.</p> <p>That not only can give you tehe errors you are having (and lucky you for that), as that also allows dangerous attacks of SQL Injection.</p> <p>Python's API to databases is desigened from the ground up to avoid the possibility of such attacks, and it does this symply by letting the call to <code>cursor.execute</code> do the string substitution for you. It will then add the necessary escapes to your string. So, instead of doing:</p> <pre><code>sql_input = "INSERT INTO 963168MBV17A(Rev, Part, SN, Iterations, Date, Time, Upstream, Downstream, ResultList, Result, Report) VALUES('503', '100-120970-0031', '1594539', '%s', '%s', '%s', '%s', '%s', 0, P, 0" %(export_date, export_time, export_numtests, export_upstream, export_downstream) cur.execute(sql_input) </code></pre> <p>Do</p> <pre><code>sql_input = "INSERT INTO 963168MBV17A(Rev, Part, SN, Iterations, Date, Time, Upstream, Downstream, ResultList, Result, Report) VALUES(%s, %s,%s, %s, %s, %s, %s, %s, %s, %s, %s" cur.execute(sql_input, [503, '100-120970-0031', '1594539', export_date, export_time, export_numtests, export_upstream, export_downstream, 0, "P", 0] ) </code></pre> <p>--Still, if you need all those crazy hard-coded numbers in your SOURCE file, and not in an auto-generated file, I dare say your project is doomed to fail anyway.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload