0

I'm trying to run an insert from Python and I get an "incorrect column name" error, but it's displaying the value of the column I'm trying to extract from irow iteration.

Is there something I'm doing wrong here? I'm explicitly declaring column names below, I don't see how its confusing the values for the column names?

for irow in cursor.execute(storedProc):
    strObj = str(irow[0])
    strGrp = str(irow[1])
    print(strObj)
    print(strGrp)
    try:
        response = requests.get(irow[2], timeout=30, auth=('user', 'pw'))
        response.raise_for_status()
        # Code here will only run if the request is successful
        # print(response.json())
        strJson = "Stuff"
        #str(response.json())
        cursor.execute("INSERT INTO dbo.ApiResults ([Object], [Group], json) VALUES ('"+strObj+"','"+strGrp+"','"+strJson+"');")
OneCricketeer
  • 179,855
  • 19
  • 132
  • 245
Doug Coats
  • 6,255
  • 9
  • 27
  • 49
  • 6
    If you parametrise your query properly, this issue will go away. – Thom A Aug 18 '21 at 15:47
  • im new at python so feel free to educate me on how to do that – Doug Coats Aug 18 '21 at 15:49
  • It depends what library you're using, @DougCoats. For example, pyodbc or pymssql. – Thom A Aug 18 '21 at 15:50
  • 1
    pyodbc is what im currently using – Doug Coats Aug 18 '21 at 15:51
  • Does this answer your question? [pyodbc insert into sql](https://stackoverflow.com/questions/20199569/pyodbc-insert-into-sql) – Thom A Aug 18 '21 at 15:51
  • Another suggestion: replace `cursor.execute` with `print` and look on output of your script. Copy-paste it into SQL Management Studio (or other client you're using), try to execute. – Alex Yu Aug 18 '21 at 16:08
  • If you shared the actual database table schema, we could see what column names are valid for you to insert into – OneCricketeer Aug 18 '21 at 16:18
  • Though would tell the OP where the error is, @AlexYu , it won't fix the injection issue. The problem at its core is that they haven't parametrised. – Thom A Aug 18 '21 at 16:18
  • It turns out that I was trying to reuse a connection that was already open. Seems kind of like a newb mistake but alas this is my first python project. I am working on using params to satisfy @Larnu though <3 – Doug Coats Aug 18 '21 at 16:31
  • @Larnu Of course. Looking for `print` is just a diagnostic measure – Alex Yu Aug 18 '21 at 16:57
  • See also https://stackoverflow.com/questions/9518148/pyodbc-how-to-perform-a-select-statement-using-a-variable-for-a-parameter – Charlieface Aug 18 '21 at 21:10

0 Answers0