Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #61375

Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1")

Path csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!rt.uk.eu.org!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path <rosuav@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.025
X-Spam-Evidence '*H*': 0.95; '*S*': 0.00; 'subject:error': 0.03; 'encoding': 0.05; 'column': 0.07; 'utf-8': 0.07; '#print': 0.09; 'postgresql,': 0.09; 'spelling': 0.09; 'subject:version': 0.09; 'cc:addr:python-list': 0.11; '"values"': 0.16; 'ascii,': 0.16; 'confuse': 0.16; 'fixed;': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'lower-case': 0.16; 'subject: \n ': 0.16; 'unicode.': 0.16; 'wrote:': 0.18; '(not': 0.18; 'cc:addr:python.org': 0.22; 'error': 0.23; 'unicode': 0.24; 'mon,': 0.24; 'people,': 0.24; 'cc:2**0': 0.24; 'sort': 0.25; 'values': 0.27; 'header:In-Reply-To:1': 0.27; 'dec': 0.30; 'message-id:@mail.gmail.com': 0.30; 'subject:that': 0.31; 'this.': 0.32; 'table': 0.34; 'subject:the': 0.34; 'skip:u 20': 0.35; 'received:google.com': 0.35; 'done': 0.36; 'problems': 0.38; 'pm,': 0.38; 'bad': 0.39; 'sure': 0.39; 'enough': 0.39; 'called': 0.40; 'how': 0.40; 'read': 0.60; 'dangerous': 0.60; 'tell': 0.60; 'reserved': 0.61; 'back': 0.62; "you'll": 0.62; "you've": 0.63; 'here': 0.66; 'subject:your': 0.76; 'yourself': 0.78; 'invitation': 0.79; 'subject:have': 0.80; 'attacks.': 0.84; 'bite': 0.84; 'subject:SQL': 0.84; 'subject:check': 0.84; 'subject:NEW': 0.91; 'thing,': 0.91; 'to:none': 0.92; '2013': 0.98
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=k5KNTk53jfKn+oxl1Ithno8lsZQERqbCWvpU6MjEbgA=; b=nQ5Pu4zJi0/SmmtRdlUy3iOxNYRtrX1bc29RcNIc2uNXHvMbaxNjedsQxJB4ZamlYm uWdpUV9fSFiV8lBEIEof/qy3p5wFjANWHfnhG6+lv0CunZWDzUejQVOMPuiliAj3jEyw PHaWbXpTwk3tYZrN+R/4wmXKcsqKNgveVs6Q9gnUhmc1WphiKO8YUrMLSnrPO9o/Mcc4 +roQ8nOwSOgzVkvavjAL/pK0+tjDihr8Y/f4n01FZRbgtmnDIgsuVs7XA0sQ5+jmVi5F QLYLfXECFGP/UVYp53LTdBuW3DZpctWJqu9SPa2AUNiBd/VxQWsdMSW58hR9XVHAzvSM 1i/w==
MIME-Version 1.0
X-Received by 10.68.236.133 with SMTP id uu5mr3256951pbc.153.1386581771739; Mon, 09 Dec 2013 01:36:11 -0800 (PST)
In-Reply-To <6b73a879-b490-48cb-a896-4d4abee90bf5@googlegroups.com>
References <6b73a879-b490-48cb-a896-4d4abee90bf5@googlegroups.com>
Date Mon, 9 Dec 2013 20:36:11 +1100
Subject Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1")
From Chris Angelico <rosuav@gmail.com>
Cc "python-list@python.org" <python-list@python.org>
Content-Type text/plain; charset=UTF-8
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.3768.1386581775.18130.python-list@python.org> (permalink)
Lines 30
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1386581775 news.xs4all.nl 2876 [2001:888:2000:d::a6]:42806
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:61375

Show key headers only | View raw

On Mon, Dec 9, 2013 at 7:41 PM, Jai <jaiprakashsingh213@gmail.com> wrote:
>     for x , y in zip(lst_content, lst_price):
>         sql = """insert into `category` (url, catagory,price) VAlUES ('%s', '%s', '%s')"""%(link1,x,y)
>         #print sql
>         sql = unicodedata.normalize('NFKD', sql).encode('ascii','ignore')
>         #sys.exit(0)
>         cursor.execute(sql)

My reading of your error message suggests that you just came across an
item category with an apostrophe in it. What you've done here is
horribly dangerous - it's an invitation for SQL injection attacks. Do
not EVER do this sort of thing, it will always come back to bite you!

Look into parameterized queries. They are the right way to do this.
Read up on SQL injection and how to avoid it.

Also: Encoding to ASCII, ignore, is a bad idea. You'll do far better
to tell MySQL to use UTF-8 and then store true Unicode. Though you may
find that you'll do better to get a better database like PostgreSQL,
as MySQL has been known to have some issues with Unicode (not sure if
they're all fixed; MySQL has enough other problems that I don't bother
with it any more).

Small tip, also: Spelling "VAlUES" with a lower-case L is only going
to confuse people, mainly yourself :) You also seem to be inconsistent
with your names - the table is called "category" (I don't think it's a
reserved word, so the escaping is unnecessary there), and the column
is "catagory". Is one of those incorrect?

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") Jai <jaiprakashsingh213@gmail.com> - 2013-12-09 00:41 -0800
  Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") Daniel Watkins <daniel@daniel-watkins.co.uk> - 2013-12-09 09:32 +0000
  Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") Chris Angelico <rosuav@gmail.com> - 2013-12-09 20:36 +1100
  Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") MRAB <python@mrabarnett.plus.com> - 2013-12-09 18:06 +0000
  Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") Dan Stromberg <drsalists@gmail.com> - 2013-12-10 08:23 -0800
  Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") Chris Angelico <rosuav@gmail.com> - 2013-12-11 03:28 +1100
  Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") nowebdevmyrrh@gmail.com - 2014-02-25 09:37 -0800
    Re: ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1") MRAB <python@mrabarnett.plus.com> - 2014-02-25 18:10 +0000

csiph-web