-1

I am attempting to do an INSERT in MySQL: 

 insert = "INSERT INTO newspapers (title , description, newspaper, updated) VALUES ('{0}','{1}','{2}','{3}')".format(
            str(title), str(description), str(id), str(updated))

I get this error:

INSERT INTO newspapers (title , description, newspaper, updated) VALUES ('b'Bonomi: polic\xc3\xadas "entregan" casas de Carrasco y Punta Gorda a delincuentes'','b'Robaron en el domicilio del Jefe de Polic\xc3\xada de Montevideo, Mario Layera, y tambi\xc3\xa9n quisieron ingresar al del subsecretario de Interior, Jorge V\xc3\xa1zquez'','1','2015-02-12 13:34:43.843586')
    Traceback (most recent call last):
      File "/Users/user/Desarrollo/news/parser.py", line 85, in <module>
        cur.execute(insert)
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/cursors.py", line 135, in execute
        result = self._query(query)
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/cursors.py", line 274, in _query
        conn.query(q)
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/connections.py", line 714, in query
        self._affected_rows = self._read_query_result(unbuffered=unbuffered)
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/connections.py", line 865, in _read_query_result
        result.read()
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/connections.py", line 1062, in read
        first_packet = self.connection._read_packet()
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/connections.py", line 830, in _read_packet
        packet.check_error()
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/connections.py", line 348, in check_error
        raise_mysql_exception(self._data)
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/err.py", line 116, in raise_mysql_exception
        _check_mysql_exception(errinfo)
      File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/site-packages/pymysql/err.py", line 109, in _check_mysql_exception
        raise errorclass(errno,errorvalue)
    pymysql.err.ProgrammingError: (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'Bonomi: polic\\xc3\\xadas "entregan" casas de Carrasco y Punta Gorda a delincuente\' at line 1')
Grijesh Chauhan
  • 57,103
  • 20
  • 141
  • 208
Fabián
  • 1
  • 2
  • 1
    There is a part of the error message missing. Can you add it please. – Jens Feb 12 '15 at 15:39
  • Why are you not using parametrized queries? – Ignacio Vazquez-Abrams Feb 12 '15 at 15:39
  • You cut off the entire error message. Can you post the whole message? Also, does the SQL string with the value substituted in work OUTSIDE your program, or do you get the same error message. – Matt Runion Feb 12 '15 at 15:39
  • 1
    Check if you have a single quote character in any of your vars – Ananth Feb 12 '15 at 15:41
  • You need to escape the special characters -- like the tick marks, etc. in the string you are inserting. Do a search on SQL Injection for some handy pointers on handling things like this. – Matt Runion Feb 12 '15 at 15:44
  • as I can do it because the values are brought by a parsing – Fabián Feb 12 '15 at 15:47
  • @mrunion I try to do so but still fails insert = "INSERT INTO newspapers (title , description, newspaper, updated) VALUES ('{0}','{1}','{2}','{3}')".format( str(re.escape(title)), str(re.escape(description)), str(id), str(updated)) – Fabián Feb 12 '15 at 16:13
  • With the same error message? Can you copy the SQL from the error message and past it into your database manager/tool and run it and it work? There is an error in the SQL that is being generated. It just has to be found. – Matt Runion Feb 12 '15 at 16:16
  • @mrunion ERROR: Unknown Punctuation Mark @ 83 STR: \\ \\ SQL: INSERT INTO newspapers (title, description, newspaper, updated) VALUES ('b'Bonomi \\ \\ \\\ police xc3 you xadas \\ \\ \\\ "delivered \\" \\ \\ houses of \ \ Carrasco and \\ \\ \\ Punta Gorda \\ a \\ criminals' ',' b'Robaron on \\ \\ \\ the \\ home \\ the \\ Chief of \\ \\\ xc3 Polic \ XADA \\ \\ \\ of Montevideo \\ \\ \\ Layera Mario \\ \\ \\\ xc3 and also \\ \\ \\\ xa9n wanted to enter \\ \\ \\ to \\ the secretary Interior \\ \\ \\ to \\ V \\ \\\ Jorge xc3 xa1zquez \\\ '', '1', '12/02/2015 14: 10: 59.048927') – Fabián Feb 12 '15 at 16:26
  • I still see embedded single-ticks. For example: VALUES('b'Bonomi...'' That is not going to work. It should be similar to: VALUES('b\'Bonomi....\'') if you want the ticks in the data. – Matt Runion Feb 12 '15 at 16:28
  • @mrunion as I can do to make it work? – Fabián Feb 12 '15 at 16:48

1 Answers1

0
  1. make sure your values have something in them
  2. Make sure there are no spelling mistakes
  3. try this code outside your program
Deimantas
  • 56
  • 1
  • 14