Path: csiph.com!usenet.pasdenom.info!news.albasani.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'syntax': 0.03; '%s"': 0.07; 'escape': 0.07; 'params': 0.07; 'subject:code': 0.07; 'cursor': 0.09; 'name):': 0.09; 'def': 0.10; 'subject:error': 0.11; '"insert': 0.16; 'description)': 0.16; 'from:addr:mrabarnett.plus.com': 0.16; 'from:addr:python': 0.16; 'from:name:mrab': 0.16; 'inserting': 0.16; 'message- id:@mrabarnett.plus.com': 0.16; 'spec)': 0.16; 'spec,': 0.16; 'wrote:': 0.17; 'code.': 0.20; 'all,': 0.21; 'header:In-Reply- To:1': 0.25; 'header:User-Agent:1': 0.26; '(which': 0.26; 'values': 0.26; 'skip:( 20': 0.28; 'facing': 0.29; 'received:192.168.1.3': 0.29; "they'll": 0.29; 'included': 0.29; "i'm": 0.29; 'that.': 0.30; 'query': 0.30; 'error': 0.30; 'code': 0.31; 'could': 0.32; 'quotes': 0.33; 'to:addr:python-list': 0.33; 'but': 0.36; 'skip:m 40': 0.36; 'subject:: ': 0.38; 'description': 0.39; 'to:addr:python.org': 0.39; 'received:192': 0.39; 'received:192.168': 0.40; 'help': 0.40; "you've": 0.61; 'face': 0.61; 'here': 0.65; 'header:Reply-To:1': 0.68; 'reply-to:no real name:2**0': 0.72; 'reply-to:addr:python.org': 0.84 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.0 cv=dNckaZlb c=1 sm=1 a=0nF1XD0wxitMEM03M9B4ZQ==:17 a=O2Kvzccb_dQA:10 a=TRmzn3G4XzYA:10 a=ihvODaAuJD4A:10 a=OUOv7kDek9cA:10 a=8nJEP1OIZ-IA:10 a=EBOSESyhAAAA:8 a=8AHkEIZyAAAA:8 a=_KIH2scg_i0A:10 a=e5S117o3yVfY4Se_HAUA:9 a=wPNLvfGTeEIA:10 a=0nF1XD0wxitMEM03M9B4ZQ==:117 X-AUTH: mrabarnett:2500 Date: Tue, 11 Dec 2012 00:51:09 +0000 From: MRAB User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: python-list@python.org Subject: Re: MySQLdb insert HTML code error References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: python-list@python.org List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 27 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1355187064 news.xs4all.nl 6904 [2001:888:2000:d::a6]:37747 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:34590 On 2012-12-11 00:04, Anatoli Hristov wrote: > Hi all, > > I'm facing an issue inserting an html code into the DB, it comes out > with a syntax error but I face it only when I have html code. Could > help me escape the error somehow ? > > Here is my code > > def InsertSpecsDB(product_id, spec, lang, name): > db = MySQLdb.connect("localhost","getit","opencart") > cursor = db.cursor() > sql = ("INSERT INTO product_description (product_id, language_id, > name, description) VALUES ('%s','%s','%s','%s')") > params = (product_id, lang, name, spec) > cursor.execute(sql, params) > id = cursor.lastrowid > print"Updated ID %s description %s" %(int(id), lang) > return id > You're using a parametrised query (which is good :-)), but you've included quotes around the placeholders. There's no need to do that. They'll be quoted automatically when necessary: sql = "INSERT INTO product_description (product_id, language_id, name, description) VALUES (%s,%s,%s,%s)"