0

I have a python code where I'm trying to put a duration time between an end_time and a start_time in a MySQL table using the TIMEDIFF() function. The thing is that when I call the query from my code and give it the parameters, it throws me the next exception:

mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':35:23, 15:35:18)' at line 1

Here, as you can see, it says that I'm giving the parameters in the wrong format. But I debug the code and both start_time and end_time have the correct format, so I don't know why is doing this.

Here's my code:

def update_duration_mysql(pkt):
    data_base = mysql.connector.connect(host="localhost", user="root", passwd="", database="proyecto1DB")
    cursor = data_base.cursor()
    end_hour = pkt.sniff_time.hour
    end_minute = pkt.sniff_time.minute
    end_second = pkt.sniff_time.second
    set_end_time_mysql(end_hour, end_minute, end_second, pkt.sip.call_id)
    t1 = get_start_time_mysql(pkt.sip.call_id)#this is the start_time
    t2 = str(end_hour) + ":" + str(end_minute) + ":" + str(end_second)#this is the end_time
    consult = "SELECT TIMEDIFF(%s, %s)"%(t2,str(t1))
    time = cursor.execute(consult)
    sql = "UPDATE call SET duration = %s WHERE = %s"%(str(time), str(pkt.sip.call_id))
    cursor.execute(sql)
    data_base.commit()
F. Estevez
  • 31
  • 5
  • 2
    Use parametrized queries to start with `time = cursor.execute( "SELECT TIMEDIFF(%s, %s)", (t2, str(t1)))` instead of string concattenation. http://bobby-tables.com/python – Patrick Artner Mar 31 '19 at 21:09
  • Possible duplicate of [How to put parameterized sql query into variable and then execute in Python?](https://stackoverflow.com/questions/1633332/how-to-put-parameterized-sql-query-into-variable-and-then-execute-in-python) – GMB Mar 31 '19 at 23:26

0 Answers0