1

I have this code:

   day = int (strftime ("% d"))
   month = int (strftime ("% m"))
   year = int (strftime ("% Y"))
   self.gotit_in = QDateEdit (self.centralwidget, date = QDate (year, month, day), calendarPopup = True)
   self.gotit_in.setDisplayFormat ("yyyy-MM-dd")
   self.gotit_in.setGeometry (QtCore.QRect (20, 280, 181, 22))
   self.gotit_in.setObjectName ("gotit_in")

I read the value of gotit

   gotit = self.gotit_in.text ()
   print ('gotit' + gotit)

and it prints me correctly the value I want I try to enter the goit value (e.g. '2022-09-14')

   query = "INSERT INTO` library` (acquired) VALUES (% s) "% (gotit)
   cursor = Functions.DBopen (self, dbname = 'books')
   cursor.execute (query)
   idx = cursor.lastrowid ()

and I get

  File "/usr/local/lib/python3.8/site-packages/mysql/connector/connection_cext.py", line 518, in cmd_query
    raise errors.get_mysql_exception (exc.errno, msg = exc.msg,
mysql.connector.errors.DataError: 1292 (22007): Incorrect date value: '1999' for column 'acquired' at row 1
Ryan Day
  • 113
  • 1
  • 8
  • 1
    Don't use string formatting, it's just wrong and a serious security issue. Use the `?` placeholder in the query and add the values to `execute`: `cursor.execute(query, (gotit, ))` – musicamante Sep 15 '22 at 13:59
  • Frankly I did not understand how it works, I have tried reading documentation and examples but the use of `?` it is clear to me (moderately) only with `SELECT` not with `INSERT`. Keep in mind that in the real `INSERT` there are 8 other parameters that are inserted correctly. It is true that I could do an `INSERT` then an `UPDATE` but it doesn't seem very nice to me – Ryan Day Sep 15 '22 at 18:55
  • The number of parameters is irrelevant, the *syntax* is important, which is what using `execute(query, values)` does. Your problem is that you're using a representation of the date that is used as an expression since it's not *escaped*; in fact: `2022-09-14 = 1999`. – musicamante Sep 15 '22 at 19:37
  • I solved my problems, but still couldn't find documentation on using '?'. Could you please give me a link or something useful to understand its use – Ryan Day Sep 16 '22 at 19:56

0 Answers0