1

So I'm at the point in my program where I have a string containing the query I want to use to insert a row into a database:

query = '"INSERT INTO new_test (test_name, IP, test_run_date, results_query_time, run_time) VALUES (%s, %s, %s, %s, %s)", ("new_test", "192.168.17.194", "143917160811", "12.4847829342", "46.1268320084")'

However, when I execute the command: 

cursor.execute(query)

I get this error

ProgrammingError: (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'"INSERT INTO new_test (test_name, IP, test_run_date, results_query_time, run_tim\' at line 1')

I tried a few other combinations of quotes but I can't for the life of me figure out what I am doing wrong. Any Ideas? Thanks!

Improve this question
1
  • 1
    Do not build the query using string manipulation. You are opening yourself up to SQL injection attacks if any of the data comes from a user. The Python DB API supports parametrized queries; use them. Commented Aug 16, 2011 at 19:22

1 Answer 1

Reset to default
5

You have an extra " at the beginning of the query. That will definitely break it. It looks like you wanted:

# notice the extra ' around the %s
query = """INSERT INTO new_test 
              (test_name, IP, test_run_date, results_query_time, run_time) 
           VALUES ('%s', '%s', '%s', '%s', '%s')""" % \
           ("new_test", "192.168.17.194", "143917160811", 
           "12.4847829342", "46.1268320084")
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you, this was driving me nuts

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.