1

So currently I have 1 script inserting sensor data into my weather database every hour using python.

I have now added a second script to add rainfall data into the same table also every hour.

Now the problem: When the 2nd script inserts, all other values get 'zeroed'. As displayed in grafana.

am I overwriting somewhere or, if someone could point me in the right direction

Weather sensors insert statement

 sql=("INSERT INTO WEATHER_MEASUREMENT (AMBIENT_TEMPERATURE, AIR_PRESSURE, HUMIDITY) VALUES ({},{},{})".format(temperature,pressure,humidity))
         mycursor.execute(sql)
         weatherdb.commit()

Rainfall sensors insert

sql=("INSERT INTO WEATHER_MEASUREMENT (RAINFALL) VALUES ({})".format(rainfall))
mycursor.execute(sql)
weatherdb.commit()
Improve this question
1
  • This seems to feature a SQL injection vulnerability. Commented Apr 20, 2023 at 4:49

1 Answer 1

Reset to default
1

Tell me if I understand it right: Your table “WEATHER_MEASUREMENT” has 4 columns (apart ID): AMBIENT_TEMPERATURE, AIR_PRESSURE, HUMIDITY and RAINFALL. When you add RAINFALL value it creates a new row in your table with other column values at “NULL” and this is the problem? If this is the case, you probably want to update existing row with a query like:

sql = ("""
          UPDATE _ WEATHER_MEASUREMENT
          SET RAINFALL = "{}"
          WHERE id_of_the_row = {}
          """.format(rainfall, id)
mycursor.execute(sql)

You will need to find a way to figure out the ID of the row you just created with your Weather sensor insert statement (maybe search for last inserted row if you are sure of timings).

/!\NOTE/!\ As mentioned in comments by victor-stafusa-bozonacadeia, sql request made with formated string (as provided in my example) is vulnerable to SQL injection. You can safely use it only if variables used for formating are coming from your code and are known to be safe. Do not use string formating if variable content comes from outside, like user input.

If there is a chance that query content comes from unsure source, one should "sanitize query". The closest way to a raw SQL request that allows to sanitize request that i found is using sqlalchemy module with "text" query and "bind parameters". You can learn more about here : https://docs.sqlalchemy.org/en/20/core/sqlelement.html#sqlalchemy.sql.expression.text

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

yes you are correct. So upon inserting rainfall after the other script, other values are 'zero' or 'null' not sure on the ID setup, however what you've said looks like what i need to do
If you are sure that your Rainfall sensors query comes right after Weather sensors query, you can execute following request to get the id: sql = ("""SELECT id FROM WEATHER_MEASUREMENT ORDER BY id DESC """) mycursor.execute(sql) last_id = mycursor.fetchall()[0] You just need to check what is the exact label of “id” column and you will be able to get the id of last inserted row like this. After that you update the row with that ID with your Rainfall data.
Ah, perfect thankyou. See i wouldn't know to do this, still relatively new to mariadb. I will give this a go, thanks!
@DanF with pleasure : )
This seems to feature a SQL injection vulnerability.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.