    if result == datetime.datetime.now():
        print('book will be avilable today..')
        ask5 = input('Do you want to issue this book? yes/no: ')
        if ask5 == 'yes':
            issue()
            ask6 = input('enter your student id again for verification: ')
            subq = schooldb.execute('select student_id from issued_books where student_id = {}'.format(ask6))
            if subq[0] == ask6:
                pass

I keep on getting this as an error: raise errors.get_mysql_exception(exc.errno, msg=exc.msg, MySQL.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Cosmos' at line 1

snakecharmerb
Soul
  • Please give more context to your question: Which language is it? Which frameworks are used? To view the exact SQL statement that is queried, you can enable `general_log_file=/tmp/mysql.log` in your MySQL config. Then look into the logfile after your code has run. – cachius Apr 03 '22 at 16:53
  • I would do a `print('select student_id from issued_books where student_id = {}'.format(ask6))` and see what that SQL looks like, and then try to execute it in my own client to determine why it's not working. That being said, using `.format()` to concatenate your id into your SQL statement is very bad practice and will lead to a SQL injection attack as well as other problems, perhaps the one you are facing now. Instead you should be binding your parameters to your SQL like what's shown [here](https://pynative.com/python-mysql-execute-parameterized-query-using-prepared-statement). – JNevill Jul 14 '22 at 15:40
  • Also, that "Cosmos" bit in your error is odd. There is Cosmos DB, but that's an Azure product and not related to mysql (at least as far as I know). – JNevill Jul 14 '22 at 15:43
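
The difference between `.format()` and bound parameters that the comments above point to, as an added example (not code from the question or its commenters). It uses the standard-library `sqlite3` module with constructed rows so it runs offline; with `mysql.connector` the placeholder is `%s` instead of `?`, and the error text differs from SQLite's.

```python
import sqlite3


def make_db():
    """In-memory table with constructed rows; names follow the question."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE issued_books (student_id TEXT, book TEXT)")
    db.executemany(
        "INSERT INTO issued_books VALUES (?, ?)",
        [("101", "Book A"), ("102", "Book B")],  # constructed sample data
    )
    return db


def lookup_formatted(db, student_id):
    """The question's pattern: the input becomes part of the SQL text."""
    sql = "select student_id from issued_books where student_id = {}".format(student_id)
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Non-numeric input is parsed as SQL, not as a value.
        return "error: {}".format(exc)


def lookup_bound(db, student_id):
    """Bound parameter: the input is sent separately and stays a value."""
    sql = "select student_id from issued_books where student_id = ?"
    return [row[0] for row in db.execute(sql, (student_id,))]


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a valid id, a plain word, and text that changes
    # the WHERE clause when it is pasted into the statement.
    for value in ("101", "Cosmos", "0 OR 1=1"):
        print(repr(value))
        print("  formatted:", lookup_formatted(db, value))
        print("  bound:    ", lookup_bound(db, value))
```

With a bound parameter, the verification step from the question reduces to checking whether `lookup_bound` returned a row for the entered id.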

0 Answers