1

I've been trying for a while now and have look online and can't figure it out.

Variables are numbers and animals

sql = ("INSERT INTO favourite (number, info) VALUES (numbers, animals  )")
cursor.execute(*sql)
conn.comit()
Improve this question
5
  • Where did you look online? Did you read official MySQL Connector documentation? Commented May 24, 2016 at 5:50
  • In Python, variable names don't start with an uppercase letter. Name them sql, cursor, conn. Commented May 24, 2016 at 5:57
  • I wrote this on my phone and automatically made them upper case. Commented May 24, 2016 at 6:01
  • @Tom Please go through official documents before posting questions to Stackoverflow , otherwise you ll get block here . Commented May 24, 2016 at 6:17
  • Possible duplicate of How to use variables in SQL statement in Python? Commented Jun 5, 2018 at 10:43

5 Answers 5

Reset to default
2 
sql = ("INSERT INTO favourite (number, info) VALUES (%s, %s)", (numbers, animals))

for safety, always use escape, see http://dev.mysql.com/doc/refman/5.7/en/string-literals.html

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Use: 

sql=("INSERT INTO favourite (number, info) VALUES ({},{})".format(numbers,animals))

Its always good to use format as per future references. Check https://docs.python.org/release/3.1.5/library/stdtypes.html#old-string-formatting-operations

Improve this answer

1 Comment

Don't insert parameters into an SQL statement manually. You need proper quoting of the values, and a chosen SQL connector library always provides this functionality.
0

I think the following should work. Let me know how it works out for you.

sql=("INSERT INTO favourite (number, info) VALUES ({},{})".format(numbers,animals))

Improve this answer

1 Comment

Thank you for the downvote. Please improve the answer if you think you can!
0 
    sql = "INSERT INTO favourite (number, info) VALUES (%s, %s)"
    val = (numbers, animals)
    cursor.execute(sql, val)
    conn.commit()

This works I just tested. Also you mispelled commit idk if that was intentional..

incase you dont have the top connection part right here

    db = mysql.connector.connect(
            host="localhost",
            user="root",
            password="password",
            database="database"
            )

    cursor = db.cursor()
Improve this answer

Comments

-1

Here is alternative solution which works for me

cursor = conn.cursor()
query ="INSERT INTO favourite (number, info) VALUES ('"+ variable1  +"','"+  variable2+"')"
cursor.execute(query)
conn.commit()
Improve this answer

1 Comment

This is a very dangerous method, because it doesn't escape anything. Hence, if your variable includes any SQL characters, such as ;, it will be interpreted as part of the statement. This means your code is now vulnerable to SQL injection. If your variable1 is populated with ; DROP TABLE favourite;, it would delete the entire table and it's contents.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.