1

I am trying to do something with SQL for my school project. To use variables in the SQL statements I followed this post: How to use variables in SQL statement in Python?. But I am getting the following error in this function:

Something went wrong: Not all parameters were used in the SQL statement

def Einkauf():
Typ = int(input("Typ"))
Anzahl = input("Anzahl")
MHD = input("MHD (YYYYMMDD)")
try:
    cursor.execute("insert into Warenlager(Anzahl, MHD, StatusID, TypId) values(?,?,1,?)", (Anzahl,MHD,Typ))
    db.commit()
except mysql.connector.Error as err:
    print("Something went wrong: {}".format(err))
Jiri Tousek
  • 12,211
  • 5
  • 29
  • 43
T177p
  • 13
  • 3
  • 3
    What database are you using? Some adapters use `%s` fur the placeholder rather than `?`. – Daniel Roseman Oct 25 '18 at 07:07
  • i am using mysql with phpmyadmin as websurface. The modules i am using are mysql.connector and sqlite3 to make the '?' work. In the post i am referencing in the way with '%s' is called insecure. – T177p Oct 25 '18 at 07:16
  • 1
    You can't be using mysql.connector *and* sqlite. Sqlite is a completely different database. You are using MySQL, which as I say uses `%s`. – Daniel Roseman Oct 25 '18 at 07:35

2 Answers2

1

As I said in the comments, mysql.connector uses %s as the placeholder.

cursor.execute("insert into Warenlager(Anzahl, MHD, StatusID, TypId) values(%s, %s, 1, %s)", (Anzahl,MHD,Typ))

Note, this is not insecure, because you are not using that for string interpolation. This would be insecure:

cursor.execute("insert into Warenlager(Anzahl, MHD, StatusID, TypId) values(%s, %s, 1, %s)" % (Anzahl,MHD,Typ))  # don't do this

In fact, the post you reference says exactly the same thing, so I don't know where you got the idea that you shouldn't do it.

Daniel Roseman
  • 588,541
  • 66
  • 880
  • 895
-1

change this

Warenlager(Anzahl, MHD, StatusID, TypId) values(?,?,1,?)", (Anzahl,MHD,Typ)

to 

Warenlager(Anzahl, MHD, StatusID, TypId) values(?,?,?,?)", (Anzahl,MHD,1,Typ)
Fabrizio
  • 7,603
  • 6
  • 44
  • 104
Majid Khakwani
  • 26
  • 6