Can please somebody tell me whats wrong about my Syntax? I try since 2 days to get a decent answer on this matter, but wether people just give me minus points or refer me to to the Django docs I already read https://docs.djangoproject.com/en/3.0/topics/db/sql/
tablename = '2020-10-table'
v_col = ["userID int(11)", "TID varchar(128)", "CID varchar(128)", "SID varchar(255)", "Timestamp bigint(20)", "LX int(10)", "LocY int(10)", "Width int(10)", "Height int(10)", "Tag varchar(512)"]
connection.execute("""CREATE TABLE IF NOT EXISTS `%s` %s""", [tablename, '( '+str(', '.join(v_col))+' )'])
I keep receiving this:
MySQLdb._exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''( userID int(11), TI ......
Can anyone please point out my issue?
UPDATE:
I figured out that Django processes my string internally as bytestring:
b"CREATE TABLE IF NOT EXISTS `'2020-10-table'` '(userID int(11), TID varchar(128), CID varchar(128), SID varchar(255), Timestamp bigint(20), LX int(10), LocY int(10), Width int(10), Height int(10), Tag varchar(512))'"
which is obviously no valid sql?!?
Now I don't know how to proceed.
First i think you should not to use '%s', if these quotes around the %s because this leaves your database free for sql injection attacks
Second i think you have to use connection.cursor like this:
with connection.cursor() as cursor:
cursor.execute("""CREATE TABLE IF NOT EXISTS %s %s""", [tablename, '( '+str(',
'.join(v_col))+' )'])
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.