Python - OperationalError in SQLite3

Question

When I insert in DB, I get this error:

sqlite3.OperationalError: near "word": syntax error

Code:

con = sqlite3.connect('films.db')
cur = con.cursor()
cur.execute('CREATE TABLE films (id INTEGER PRIMARY KEY, name VARCHAR(100), ' +
            'img BLOB, imbd VARCHAR(30), country_year VARCHAR(50))')
con.commit()

for i in range(97):
    cur.execute('INSERT INTO films (name, img, imbd) VALUES(' + names[i].text_content() + ', ' + str(urllib.request.urlopen(img[i].get('src')).read()) + ', ' + imbd[i].text_content() + ' )')
    con.commit()
    print(cur.lastrowid)

This string "word" from "name".

How can I fix it?

Bhargav Rao · Accepted Answer · 2014-12-24 19:54:35Z

The primary mistake which you are doing is that you are not enclosing the literals in quotations

con = sqlite3.connect('films.db')
cur = con.cursor()
cur.execute('CREATE TABLE films (id INTEGER PRIMARY KEY, name VARCHAR(100), ' +
            'img BLOB, imbd VARCHAR(30), country_year VARCHAR(50))')
con.commit()

for i in range(97):
    cur.execute('INSERT INTO films (name, img, imbd) VALUES("' + names[i].text_content() + '", "' + str(urllib.request.urlopen(img[i].get('src')).read()) + '", "' + imbd[i].text_content() + '" )')
    con.commit()
    print(cur.lastrowid)

But if you do like this you are doing the greatest error on earth. The insert statement should instead be

cur.execute('INSERT INTO films (name, img, imbd) VALUES(?,?,?)', (names[i].text_content(), str(urllib.request.urlopen(img[i].get('src')).read()), imbd[i].text_content()))

Else you are susceptable for SQL Syringing. Read this for description as to why you have to use ? instead of concatenation.

Finally See this picture and try to comprehend what would have gone wrong. enter image description here

Collectives™ on Stack Overflow

Python - OperationalError in SQLite3

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related