0

I am trying to call a sql script using python as below:

def employees(email_address):
    cursor = conn.cursor() .  <- DB Connection
    cursor.execute("""select name from employees where email_address =(%s)""", (email_address))
    employee = cursor.fetchall()

This returns an error

TypeError: not all arguments converted during string formatting

Could anyone advice as to where am I going wrong in the above. Thanks

Improve this question
3
  • I will asume you are using pymysql. In such case, use email_address = %(email_address)s, and use {'email_address': email_address} as the second parameter. Commented Dec 6, 2018 at 9:36
  • @halfelf running this on a redshift Db. Commented Dec 6, 2018 at 9:37
  • postgre then. I guess it's the same API, specified by PEP 249. Commented Dec 6, 2018 at 9:39

1 Answer 1

Reset to default
1

You need to add a % instead of a comma after the string:

Edit: my bad, actually you need to pass your arguments as a tuple so you want to use (email_address,) instead of (email_address):

def employees(email_address):
    cursor = conn.cursor() .  <- DB Connection
    cursor.execute("""select name from employees where email_address =(%s)""", (email_address,))
    employee = cursor.fetchall()
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

No, you absolutely do not. This would bypass the parameterisation functionality and leave the code open to SQL injection.
Then how do you put a variable in a string in Python without using % or .format?
This isn't "put a variable in a string". This is "insert a parameter into an SQL query".

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.