ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S SIZE 11.5 NEW IN BOX', '$49.99')' at line 1")

Chris Angelico rosuav at gmail.com
Mon Dec 9 10:36:11 CET 2013


On Mon, Dec 9, 2013 at 7:41 PM, Jai <jaiprakashsingh213 at gmail.com> wrote:
>     for x , y in zip(lst_content, lst_price):
>         sql = """insert into `category` (url, catagory,price) VAlUES ('%s', '%s', '%s')"""%(link1,x,y)
>         #print sql
>         sql = unicodedata.normalize('NFKD', sql).encode('ascii','ignore')
>         #sys.exit(0)
>         cursor.execute(sql)

My reading of your error message suggests that you just came across an
item category with an apostrophe in it. What you've done here is
horribly dangerous - it's an invitation for SQL injection attacks. Do
not EVER do this sort of thing, it will always come back to bite you!

Look into parameterized queries. They are the right way to do this.
Read up on SQL injection and how to avoid it.

Also: Encoding to ASCII, ignore, is a bad idea. You'll do far better
to tell MySQL to use UTF-8 and then store true Unicode. Though you may
find that you'll do better to get a better database like PostgreSQL,
as MySQL has been known to have some issues with Unicode (not sure if
they're all fixed; MySQL has enough other problems that I don't bother
with it any more).

Small tip, also: Spelling "VAlUES" with a lower-case L is only going
to confuse people, mainly yourself :) You also seem to be inconsistent
with your names - the table is called "category" (I don't think it's a
reserved word, so the escaping is unnecessary there), and the column
is "catagory". Is one of those incorrect?

ChrisA



More information about the Python-list mailing list