Daniel Navarrete

Reputation: 13

Executing python function in postgres

I'm trying to run a Python function on the cursor.execute parameter but it just throws me this error. I'm using psycopg2.

Traceback (most recent call last):
  File "cliente.py", line 55, in <module>
    cursorDB.execute(get_datos_animal('falsa'))
psycopg2.errors.UndefinedColumn: column "falsa" does not exist
LINE 1: ...e, clasificacion FROM animales WHERE animales.hierro = falsa

And my Python function is this one:

def get_datos_animal(hierro_v):
    return "SELECT hierro, registro, nombre, fecha_nacimiento, raza, sexo, hierro_madre, hierro_padre, clasificacion FROM animales WHERE animales.hierro = " + str(hierro_v)

Any idea what I'm doing wrong?

I have several functions like this with the same errors.

Upvotes: 1

Views: 50

Answers (2)

snakecharmerb

Reputation: 55943

Use the automatic parameter quoting provided by your connection to ensure that values in queries are always quoted correctly, and to avoid SQL injection attacks.

stmt = """SELECT hierro, registro, nombre, fecha_nacimiento, raza, sexo, hierro_madre, hierro_padre, clasificacion 
                 FROM animales 
                 WHERE animales.hierro = %s"""

cursor.execute(stmt, (hierro_v,))

Upvotes: 1

Hemant

Reputation: 1438

In Postgres, if you pass a value without quotes, it will treat it as a column name.

Try this:

def get_datos_animal(hierro_v):
    return "SELECT hierro, registro, nombre, fecha_nacimiento, raza, sexo, hierro_madre, hierro_padre, clasificacion FROM animales WHERE animales.hierro = '"+str(hierro_v)+"'"

Upvotes: 0
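
Added example, not part of the question or of either answer: it runs the three ways of building this query side by side so the difference between them is visible on the same inputs. Assumptions: the standard-library sqlite3 module stands in for PostgreSQL so the code runs offline (its placeholder is ? where psycopg2 uses %s), the table is cut down to two columns, and the rows, the function names and the test values are constructed for illustration.

```python
import sqlite3

COLUMNS = "hierro, nombre"  # shortened column list (assumption)

def make_db():
    """Constructed sample table; sqlite3 stands in for PostgreSQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE animales (hierro TEXT, nombre TEXT)")
    conn.executemany(
        "INSERT INTO animales VALUES (?, ?)",
        [("falsa", "Luna"), ("A'1", "Sol"), ("B2", "Rayo")],
    )
    return conn

def lookup_unquoted(conn, hierro_v):
    # The question's approach: the value is pasted in bare, so the
    # database parses it as a column name.
    sql = f"SELECT {COLUMNS} FROM animales WHERE animales.hierro = " + str(hierro_v)
    return conn.execute(sql).fetchall()

def lookup_quoted(conn, hierro_v):
    # Hand-written quotes: fine for simple values, but a quote inside the
    # value ends the literal early and the rest is parsed as SQL.
    sql = f"SELECT {COLUMNS} FROM animales WHERE animales.hierro = '" + str(hierro_v) + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, hierro_v):
    # Placeholder: the driver sends the value separately from the SQL text.
    # With psycopg2 the placeholder would be %s.
    sql = f"SELECT {COLUMNS} FROM animales WHERE animales.hierro = ?"
    return conn.execute(sql, (hierro_v,)).fetchall()

def outcome(fn, conn, value):
    """Return the rows, or the error class name if the query fails."""
    try:
        return fn(conn, value)
    except sqlite3.Error as exc:
        return f"error: {type(exc).__name__}"

if __name__ == "__main__":
    db = make_db()
    tests = ["falsa", "A'1", "x' OR '1'='1"]  # constructed inputs
    for fn in (lookup_unquoted, lookup_quoted, lookup_param):
        for value in tests:
            print(f"{fn.__name__:16} {value!r:18} -> {outcome(fn, db, value)}")
```

Only the placeholder version returns exactly the matching row, or nothing, for every input; the hand-quoted version errors on a value containing an apostrophe and returns every row for the last input.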
