You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

Question

@bot.message_handler(commands=['start'])
def start(m):
    cid = m.chat.id
    secret = id_generator()
    hashedpw = hashlib.md5( secret ).hexdigest()
    cur.execute("INSERT into `users` (username, password) VALUES (str(cid), str(hashedpw)")
    bot.send_message(m.chat.id, "Your secret token is " + secret)

Can someone may help me in fixing this problem? To be honest I have no idea what the problem could be.

Which tutorial are you using? – Ignacio Vazquez-Abrams Aug 03 '16 at 12:11 — Ignacio Vazquez-Abrams, Aug 03 '16 at 12:11

score 0 · Accepted Answer · answered Aug 03 '16 at 12:09

0

You have an error in your SQL syntax

You're missing a closing parenthesis ) for VALUES:

cur.execute("INSERT into `users` (username, password) VALUES (str(cid), str(hashedpw))")

answered Aug 03 '16 at 12:09

J. Titus

9,535
1
32
45

score 0 · Answer 2 · edited May 23 '17 at 12:14

It is because you need to pass the actual parameters to the database, which would be quoted for strings - e.g.

cur.execute("INSERT into `users` (username, password) VALUES ('jon','passwd')")

Try something like, which will use the values in your variables:

cur.execute("INSERT into `users` (username, password) VALUES (?,?)", (str(cid), str(hashedpw)) )

this answer may help:

How to use variables in SQL statement in Python?

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

2 Answers2