cant resolve cryptic error in Python/sqlite program

Question

Im running into this error that I can't work out Im writing some code in Python using tkinter interface to transfer data from a text file to sqlite.

first, here is the relevant code:

def submit_data(self):
    self.new_filename = self.file_entry.get()
    self.new_tablename = self.table_entry.get()
    self.new_fieldname = self.field_entry.get().split(',')

    #print(self.new_fieldname)
    self.create_new.destroy()

    from sqlite3 import dbapi2 as sqlite

    con = sqlite.connect(self.new_filename)    
    cur = con.cursor()
    cur.execute('CREATE TABLE ' + self.new_tablename + '(id INTEGER PRIMARY KEY)')
    for field in self.new_fieldname:
        cur.execute('ALTER TABLE ' + self.new_tablename + ' ADD ' + field)

    with open(self.filename, 'r', encoding='latin-1') as self.the_file:    
        status = True
        #_keynumber=1
        while status:
            _row = self._next_line()

            if _row:
                _entry_list = _row.split(',')
                # add space after text line comma for formatting
                _entry_list = ', '.join(_entry_list)
                #print(_entry_list)

                #entries = {'row': _keynumber, 'entry': _entry_list} 
                #row_entry = "INSERT INTO " + self.new_tablename + " VALUES(" + _entry_list + ")"
                cur.execute("INSERT INTO " + self.new_tablename + " VALUES(" + _entry_list + ")")

                #_colrange = range(_colamount)                    

                #_keynumber+=1

            else:
                status = False   

        con.commit()

At the cur.execute("INSERT INTO " ... line (about 6 lines up) I get this error: ** cur.execute("INSERT INTO " + self.new_tablename + " VALUES(" + _entry_list + ")") sqlite3.OperationalError: near ".": syntax error**

I have changed this around in many different ways. At one time I had the whole "INSERT INTO ... VALUES ...." string as a variable and used

cur.execute(*variable*)

when I did it this way the error was the same except "OperationalError: near "." was "OperationalError: near "of" ... and there was no 'of' anywhere.

Im really confused and frustrated. Someone break this down for my please??

Thanks F

the text file lines its reading are set up like this: A Big Star In Hollywood,Sandra Dickinson

so I had figured that if I use .join() to put a space after the comma then the string would be the equivalent of two VALUES for the INSERT INTO statement.

Answer 1

Remove

_entry_list = ', '.join(_entry_list)

and use

cur.execute("INSERT INTO " + self.new_tablename + "(" + ",".join(self.new_fieldname) +") VALUES(" + ",".join(("?" for i in xrange(len(_entry_list)))) + ")", _entry_list)

This will parameterize your query and automatically quote all value in _entry_list.

You still have to manually quote self.new_tablename and self.new_fieldname . This should be before you use them in any sql statements.

Answer 2

You need to quote your strings.

As written, your SQL statement is:

INSERT INTO foo VALUES(Hello there, world, I am, unquoted, string, not good)

You should use:

INSERT INTO foo VALUES("Hello there","world","I am","quoted","string","hooray")

Answer 3

I suggest you do the following:

a) Instead of executing the statement, print it to the console. Change the line:

cur.execute("INSERT INTO " + self.new_tablename + ...)

to:

print "INSERT INTO " + self.new_tablename + ...

b) Run your program after making this change. Take a look at the SQL statements that you print to the console. Are they valid SQL statements? Start a SQLite command-line, and copy/paste the statements produced by your program. Does SQLite give any errors when you try to execute the pasted statements?