nachtmsk
asked on
INSERT for sqlite3 in Python
Hi,
I'm a programmer who is learning python.
Right now I'm using sqlite to work on learning sql commands and syntax in python.
I've read it's better to use the following method (don't remember what they call it) in python to avoid an SQL injection attack(which I know very well about having had one on an old ASP site I used to manage)
Anyway, the code keeps telling me syntax error on the INSERT statement. I've tried every variation I can think of but still no luck
Help please?
---------
import sqlite3
db = sqlite3.connect('./wordlis t.sqlite')
cursor = db.cursor()
cursor.execute("INSERT INTO wordlist(word) VALUES(?,)",('Mike'))
I'm a programmer who is learning python.
Right now I'm using sqlite to work on learning sql commands and syntax in python.
I've read it's better to use the following method (don't remember what they call it) in python to avoid an SQL injection attack(which I know very well about having had one on an old ASP site I used to manage)
Anyway, the code keeps telling me syntax error on the INSERT statement. I've tried every variation I can think of but still no luck
Help please?
---------
import sqlite3
db = sqlite3.connect('./wordlis
cursor = db.cursor()
cursor.execute("INSERT INTO wordlist(word) VALUES(?,)",('Mike'))
After INSERT INTO specify the name of the table the record will be inserted into. I'm not sure what you intend with wordlist(word).
maybe you are trying this?
cursor.execute("INSERT INTO YourTableName VALUES(:1,)",['Mike'])
cursor.execute("INSERT INTO YourTableName VALUES(:1,)",['Mike'])
Maybe this is what you intend.
cursor.execute("INSERT INTO wordlist (word) VALUES (?)",('Mike'))
cursor.execute("INSERT INTO wordlist (word) VALUES (?)",('Mike'))
ASKER
Mark, I tried what you suggested.
I get a response back like this
:sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 1, and there are 4 supplied.
The name of the table is wordlist. The name of the field is word.
I get a response back like this
:sqlite3.ProgrammingError:
The name of the table is wordlist. The name of the field is word.
ASKER
arana - I tried what you said and got this back;
cursor.execute("INSERT INTO YourTableName VALUES(:1,)",['Mike'])
sqlite3.OperationalError: near ")": syntax error
cursor.execute("INSERT INTO YourTableName VALUES(:1,)",['Mike'])
sqlite3.OperationalError: near ")": syntax error
If your table has four columns, can you supply the column names and values?
ASKER
Mark -- my table has one column -- "word".
I just imported a Unix dict file into the table for testing.
I just imported a Unix dict file into the table for testing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Walter. that worked. I had a feeling it was a comma misplaced but I couldn't find out where. Works now.