0

I'm trying to insert data into my mysql database, but I always get the error that something is wrong with the parameters, that I'd like to add into my insert statement, I tried all kinds of solutions and the one with the 's', 's' worked, it got inserted into my db.

Has anybody got an idea what can be wrong?

Thanks.

try:
    conn = mysql.connect()
    cursor = conn.cursor()
    insert_cmd = "INSERT INTO TBTAB VALUES(%s, %s, %s, %s, %s)"
    #insert_cmd = "INSERT INTO TBTAB VALUES('s', 's', 's', 's', 's')"
    # insert_cmd = "INSERT INTO TBTAB VALUES(?, ?, ?, ?, ?)"
    tpa= ("szilva", "barack", "meggye", "alma", "korte")
    #cursor.execute("INSERT INTO TBTAB (UserName, Email, TextBoxCont, NodeChosen, CurDate) VALUES ('Caal', 'TomErichsen', 'Svanger', '400esd6', 'Nqdwasorway');")
    cursor.execute(insert_cmd.format(tpa))
    conn.commit()
    return render_template('form.html')
except Exception as e:
    return str(e)

error:

(1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s, %s, %s, %s, %s)' at line 1")
Denis Dore
  • 105
  • 8
  • 1
    You shouldn't be using `format` to insert parameters into your query. Try `cursor.execute(insert_cmd, tpa)` – khelwood Aug 22 '18 at 13:42

1 Answers1

4

You should pass the query parameters as a tuple to cursor.execute() instead of interpolating them into the query, i.e.:

cursor.execute(insert_cmd, tpa)

%s in the query serves as a placeholder for a single parameter.

Eugene Yarmash
  • 142,882
  • 41
  • 325
  • 378
  • Thank you very much, now it works when I render a page, but when I press the submit button (it's in a form) on my page and on that click the string tuple should get insterted into the database, I get internal server error. Do you know why? Thnaks – Denis Dore Aug 22 '18 at 13:50