When trying to execute the following:
def postToMySQL(date,data,date_column_name,data_column_name,table):
cursor = conn.cursor ()
sql = "\"\"\"INSERT INTO " + table + " (" + date_column_name + ", " + data_column_name + ") VALUES(%s, %s)" + "\"\"\"" #+ ", " + "(" + date + ", " + data + ")"
cursor.execute(sql,(date,data))
I get this error:
_mysql_exceptions.ProgrammingError: (1064, ‘You have an error in your SQL syntax… near:
\’“””INSERT INTO natgas (Date, UK) VALUES(\’2012-05-01 13:00:34\’, \’59.900\’)”””\’ at line 1′)
I’m puzzled as to where the syntax is wrong, because the following hardcoded example works fine:
def postUKnatgastoMySQL(date, UKnatgas):
cursor = conn.cursor ()
cursor.execute("""INSERT INTO natgas (Date, UK)VALUES(%s, %s)""", (date, UKnatgas))
Can you spot the error?
Alternately, could you tell me how to pass parameters to the field list as well as the value list?
Thanks a lot!
Those triple quotes are a way of representing a string in python. They aren’t supposed to be part of the actual query.
On another note, be very sure you trust your input with this approach. Look up
SQL Injection.