
As part of an exercise I have to insert one row from a CSV per second into my Postgres DB. Everything works fine as long as none of my rows contain strings. I'm wondering how I can make only my strings have ' ' when adding the variable to my INSERT statement.

import csv
import time

with open(file_path, newline='') as csvfile:
  reader = csv.reader(csvfile)
  next(reader)  # skip the header row
  for row in reader:
    print(row)
    # values are pasted into the SQL text with %, so strings arrive unquoted
    cursor.execute("INSERT INTO %s (%s) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)" % (tbl_name, cols, row[0], row[1], row[2], row[3], row[4],row[5], row[6], row[7], row[8], row[9], row[10], row[11], row[12], row[13], row[14], row[15]))
    time.sleep(1)

Thanks in advance

1 Answer

You should never build a query containing values as a full string (*); use a parameterized query instead:

# table and column names cannot be bound as parameters, so they are still
# formatted in; the 16 values are passed separately for the driver to bind
cursor.execute("INSERT INTO %s (%s) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    % (tbl_name, cols), row[:16])

But some engines do not like ?; in that case you can use %s:

# %% survives the first formatting pass as a literal %s placeholder for the driver
cursor.execute("INSERT INTO %s (%s) VALUES (%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s,%%s)"
    % (tbl_name, cols), row[:16])

(*) This pattern has been deprecated for ages because it was the cause of SQL injection attacks.


3 Comments

Thanks, I tried but got a syntax error at the first comma after ?.
Thanks! That syntax works if all the values in the row are integers, but now I have the same problem, where if an entry is a string, it brings it into the INSERT statement as a string without quotations. The cols variable is passing the appropriate data type (string if the entry is a string, int if it's an int) at table creation, so that isn't the issue.
Nvm, it works, just had to change [:15] to [:16]. Thanks for taking the time to look at it!
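An added example (not code from the question or the answer) that runs the question's string-formatting pattern and the answer's parameterized pattern side by side: sqlite3 from the standard library stands in for Postgres so it runs offline and in memory, and the table name, column names and CSV rows are constructed for the example. It also makes the ? versus %s marker difference from the comments explicit and validates the table and column names, which cannot be bound as parameters, before they are formatted into the statement.

```python
import csv
import io
import sqlite3

# Constructed sample standing in for the CSV in the question: a header and two
# rows, one with a quote character inside a string column.
SAMPLE_CSV = "id,name,city\n1,Alice,Oslo\n2,O'Brien,Dublin\n"
TBL_NAME = "people"            # assumed table name
COLS = ["id", "name", "city"]  # assumed column names

def build_query(tbl_name, cols, paramstyle="qmark"):
    """One placeholder per column. sqlite3 binds with '?' (qmark); psycopg2
    binds with '%s' (pyformat), which is why '?' gave a syntax error on
    Postgres. Identifiers cannot be bound, so they are validated instead."""
    for ident in [tbl_name, *cols]:
        if not ident.isidentifier():
            raise ValueError(f"unsafe identifier: {ident!r}")
    marker = "?" if paramstyle == "qmark" else "%s"
    placeholders = ", ".join([marker] * len(cols))
    return f"INSERT INTO {tbl_name} ({', '.join(cols)}) VALUES ({placeholders})"

def insert_rows_parameterized(conn, csv_text):
    """Bind each CSV row's values through the driver; return the row count."""
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    next(reader)  # skip the header row
    query = build_query(TBL_NAME, COLS)
    cur = conn.cursor()
    for row in reader:
        cur.execute(query, row[: len(COLS)])  # the driver quotes strings itself
    conn.commit()
    return cur.execute(f"SELECT COUNT(*) FROM {TBL_NAME}").fetchone()[0]

def insert_row_formatted(conn, row):
    """The question's pattern: values pasted into the SQL text with '%'.
    Unquoted strings are parsed as column names and the statement fails; a
    value containing a quote would be parsed as SQL rather than data.
    Returns the exception class name, or None if the insert succeeded."""
    query = "INSERT INTO %s (%s) VALUES (%s, %s, %s)" % (TBL_NAME, ", ".join(COLS), *row)
    try:
        conn.execute(query)
    except sqlite3.Error as exc:
        return type(exc).__name__
    return None

def demo():
    """Run both approaches against an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TBL_NAME} (id INTEGER, name TEXT, city TEXT)")
    return insert_rows_parameterized(conn, SAMPLE_CSV), insert_row_formatted(conn, ["3", "Bob", "Paris"])
```

With psycopg2 the same query is built with paramstyle="pyformat" (the %s markers), and psycopg2.sql.Identifier is the library's own way to quote table and column names safely.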
