bullet117

Reputation: 157

How to pass variables to MYSQL using Python

I am using MySQL (ver. 5.5.31-0+wheezy1) and Python (ver. 2.7.3) with the following statement:

q ="""INSERT INTO scale_equipment truck_id, product_id, driver_id, field_id, pit_id, harvest_equipment_id, weight, status VALUES (%s, %s, %s, %s, %s, %s, %s, %s)""",(truck_id, product_id, driver_id, field_id, pit_id, harvest_equipment_id, 0, status)

If I use:

q ="""INSERT INTO scale_equipment truck_id, product_id, driver_id, field_id, pit_id, harvest_equipment_id, weight, status VALUES ('002', 'CS', 'BG', 'HD1', 'T1', 'C1', 0, 'U')"""

it works fine. What am I doing wrong to pass the variables in the SQL statement?

I print out the q before it hits the execute query statement using the variables and this is what it looks like:

'INSERT INTO scale_equipment truck_id, product_id, driver_id, field_id, pit_id, harvest_equipment_id, weight, status VALUES (%s, %s, %s, %s, %s, %s, %s, %s)', ('002', 'CS', 'BG', 'HD1', 'T1', 'C1', 0, 'U')

Any help would be greatly appreciated.

Upvotes: 1

Views: 2985

Answers (1)

alecxe

Reputation: 473863

Query parameters should be passed in the second argument of execute():

params = ('002', 'CS', 'BG', 'HD1', 'T1', 'C1', 0, 'U')
cursor.execute("""INSERT INTO 
                      scale_equipment 
                      (truck_id, product_id, driver_id, field_id, pit_id, harvest_equipment_id, weight, status) 
                  VALUES 
                       (%s, %s, %s, %s, %s, %s, %s, %s)""", params)

In this case you wouldn't worry about SQL injections; the MySQLdb driver does the escaping for you.

Upvotes: 1
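
An added example, not part of the question or the answer above: the question's single-tuple call, the answer's two-argument call, and string interpolation, each run against an in-memory SQLite table so it works offline. The standard-library sqlite3 module and its `?` placeholders stand in for MySQLdb and `%s`; the helper names, the untyped schema and the sample row containing `O'Brien` are constructed for illustration.

```python
import sqlite3

COLUMNS = ("truck_id", "product_id", "driver_id", "field_id",
           "pit_id", "harvest_equipment_id", "weight", "status")
# Column names are fixed constants, never user input. sqlite3 uses "?"
# placeholders where MySQLdb uses "%s"; the execute() call shape is the same.
INSERT_SQL = "INSERT INTO scale_equipment (%s) VALUES (%s)" % (
    ", ".join(COLUMNS), ", ".join("?" * len(COLUMNS)))

def make_db():
    """Fresh in-memory table standing in for scale_equipment (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE scale_equipment (%s)" % ", ".join(COLUMNS))
    return conn

def insert_as_single_tuple(conn, params):
    """The question's form: SQL and values bundled into one tuple argument."""
    q = INSERT_SQL, params
    try:
        conn.execute(q)  # the driver receives a tuple, not SQL text
    except (TypeError, sqlite3.Error) as exc:
        return type(exc).__name__
    return None

def insert_parameterized(conn, params):
    """The answer's form: SQL text first, values as the second argument."""
    conn.execute(INSERT_SQL, params)
    return conn.execute("SELECT driver_id, status FROM scale_equipment").fetchall()

def insert_interpolated(conn, params):
    """Values pasted into the SQL text: a quote in the data alters the statement."""
    sql = INSERT_SQL.replace("?", "'%s'") % params
    try:
        conn.execute(sql)
    except sqlite3.Error as exc:
        return type(exc).__name__
    return None

if __name__ == "__main__":
    # Constructed row; the apostrophe is ordinary data that must survive intact.
    row = ("002", "CS", "O'Brien", "HD1", "T1", "C1", 0, "U")
    print("single tuple :", insert_as_single_tuple(make_db(), row))
    print("parameterized:", insert_parameterized(make_db(), row))
    print("interpolated :", insert_interpolated(make_db(), row))
```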
