I'm trying to take an input from the user in the form of a file path and then insert it into a table using string injection but I keep getting the error
mysql.connector.errors.ProgrammingError: 1064 (42000): You have
an error in your SQL syntax; check the manual that corresponds
to your MariaDB server version for the right syntax to use
near '/home/pi/Music/Ballads1)' at line 1
This is my python code
import mysql.connector
import serial
def read_rfid ():
ser = serial.Serial ("/dev/ttyS0") #Open named port
ser.baudrate = 9600 #Set baud rate to 9600
data = ser.read(12) #Read 12 characters from serial port to data
ser.close () #Close port
data=data.decode("utf-8")
return data
mydb = mysql.connector.connect(
host = 'localhost',
user = 'pi',
password = '*********',
database = 'music_to_card'
)
cursor = mydb.cursor()
tF = 1
while tF == 1:
print('Place card over reader')
cardNumber = read_rfid()
print('Enter Path to folder')
path = input()
cursor.execute(f'INSERT INTO music(cardNumber,path) VALUES ({cardNumber},{path})')
print('Inserted into database. Would you like to enter another? y/n')
yN = input()
if yN == y:
tF = 0
print('End')
I'm not sure if the error is in my SQL syntax or my Python syntax hut I'm pretty sure that both are correct so if there's something I'm missing then any help is greatly appreciated.
Edit: Both cardNumber and path are varchar(255)
