python sqlite3 parameterization - insert throws no such column error

Question

Insert in columns with parameterized query throws no such column error

First (working) example:

        # unit test input
        name = "issue_number_1"
        text = "issue_text"
        rating_sum = 0

        if name:

            # check if issue is already in db
            with self.conn:  # this should release the connection when finished
                test = cursor.execute("SELECT name, text FROM issue WHERE name = ?", (name,))
                data = test.fetchall()
                print(data)

this is working and prints:

[('issue_number_1', 'issue_text')]

Second (non working) example:

        # unit test input
        name = "issue_number_2"
        text = "issue_text"
        rating_sum = 0

        if name:

            with self.conn:
                sql_string = "INSERT INTO issue (name, text, rating_sum) VALUES (name = ?, text = ?, rating_sum = ?)"
                cursor.execute(sql_string, (name, text, rating_sum,))

throws this error:

cursor.execute(sql_string, (name, text, rating_sum,))
sqlite3.OperationalError: no such column: name

• the column name exists, the first example proofed that
• the name: "issue_number_2" does not exist in the DB
• the second example fails exactly same with only name to insert (only one parameter)
• i had no problems inserting with string concatenation so the problem should be in my second example code somewhere

Answer 1

You need to add single quote.for example:

"INSERT INTO table (field) VALUES ('$1')"

add just values in second () and add single quote around string values.

Answer 2

After a lot of experiments i was a little bit confused....

This is the right syntax:

 sql_string = "INSERT INTO issue (name, text, rating_sum) VALUES (?, ?, ?)"
 cursor.execute(sql_string, (name, text, rating_sum,))

Answer 3

The statement:

INSERT INTO .... VALUES ....

is an SQL statement and the correct syntax is:

INSERT INTO tablename (col1, col2, ...) VALUES (expr1, expr2, ...)

where col1, col2, ... are columns of the table tablename and expr1, expr2, ... are expressions or literals that are evaluated and assigned to each of the columns col1, col2, ... respectively.

So the syntax that you use is not valid SQL syntax.
The assignment of the values is not performed inside VALUES(...) .
The correct syntax to use in Python would be:

INSERT INTO issue (name, text, rating_sum) VALUES (?, ?, ?)