Reputation: 3
def insert_sub(self, uname, number):
    insert = 'UPDATE accDATA SET subscribers = {} WHERE username = {}'.format(number, uname)
    self.c.execute(insert)
    self.conn.commit()
I changed out the uname in the format with number and it worked without a problem. For some reason when I use uname it tells me there is no such column. Also, when I just take out the second format and just hard-code the name, it also works fine.
sqlite3.OperationalError: no such column: Bradley
Upvotes: 0
Views: 73
Reputation: 1066
I think you might be missing quotes around your formatted username. It's not recommended to build a query like this with the .format() method, as this could lead to SQL injection. However, in terms of the immediate issue that you are seeing, it's most likely the quotations.
def insert_sub(self, uname, number):
    insert = 'UPDATE accDATA SET subscribers = {} WHERE username = \'{}\''.format(number, uname)
    self.c.execute(insert)
    self.conn.commit()
Here is the documentation on passing parameters into the cursor.execute method.
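Below is an example using parameterized statements.
def insert_sub(self, uname, number):
    # Values are bound in placeholder order: subscribers first, then username
    self.c.execute(
        "UPDATE accDATA SET subscribers=? WHERE username=?",
        (number, uname,)
    )
    # Commit so the update is persisted, as in the original method
    self.conn.commit()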
Upvotes: 2
Reputation: 601
You need to put " around {} when assigning to insert.
But try using this way of inserting to protect it against SQL injection:
self.c.execute('UPDATE accDATA SET subscribers = ? WHERE username = ?', (number, uname))
Upvotes: 2
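Added example, not part of either answer: the three query styles from this thread run against an in-memory SQLite table, showing the unquoted error, why hand-added quotes are still unsafe, and how placeholders treat the same input as data. The sample rows, the helper names and the HOSTILE value are constructed for illustration.

```python
import sqlite3

# Constructed input: a "username" that contains a quote character
HOSTILE = "x' OR '1'='1"

def make_db():
    """In-memory accDATA table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accDATA (username TEXT PRIMARY KEY, subscribers INTEGER)")
    conn.executemany("INSERT INTO accDATA VALUES (?, ?)", [("Bradley", 0), ("Alice", 0)])
    conn.commit()
    return conn

def update_unquoted(conn, uname, number):
    # The question's query: the bare name is parsed as a column identifier
    sql = "UPDATE accDATA SET subscribers = {} WHERE username = {}".format(number, uname)
    return conn.execute(sql).rowcount

def update_quoted(conn, uname, number):
    # Quotes added by hand: a quote inside uname ends the literal early
    sql = "UPDATE accDATA SET subscribers = {} WHERE username = '{}'".format(number, uname)
    return conn.execute(sql).rowcount

def update_param(conn, uname, number):
    # Placeholders: values are bound in order and never parsed as SQL
    cur = conn.execute(
        "UPDATE accDATA SET subscribers = ? WHERE username = ?", (number, uname)
    )
    conn.commit()
    return cur.rowcount

def unquoted_error(conn, uname, number):
    """Return the OperationalError text raised by the unquoted query, or None."""
    try:
        update_unquoted(conn, uname, number)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def subscribers(conn):
    return dict(conn.execute("SELECT username, subscribers FROM accDATA"))

if __name__ == "__main__":
    db = make_db()
    print("unquoted:", unquoted_error(db, "Bradley", 5))
    print("quoted, hostile name, rows changed:", update_quoted(db, HOSTILE, 9))
    db = make_db()
    print("parameterized, hostile name, rows changed:", update_param(db, HOSTILE, 9))
    print("parameterized, real name, rows changed:", update_param(db, "Bradley", 7))
    print(subscribers(db))
```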