[Tutor] MySQLdb : I finally got it to work.

Danny Yoo dyoo at hkn.eecs.berkeley.edu
Tue Feb 21 01:31:29 CET 2006



> 1. With my configuration, I need quotes around the values that are to be
> placed  into the database, otherwise an error is raised example: ( n=
> blue --> Error 1054:n Unknown column 'blue' in 'field list' )
>                   n = raw_input("Please enter a Name: ")
>                   c =raw_input("Please enter a Color: ")
>                   cursor.execute("INSERT INTO horses(name,color)
> VALUES('%s','%s')"%(n,c))

Hi Servando,

This works.  Be aware that cursor.execute() is a little smarter than you
might think.  The email I pointed to earlier covers what might go wrong,
and how to avoid it going wrong.

Here's the link again:

    http://mail.python.org/pipermail/tutor/2003-April/022010.html

I'm just trying to make sure you understand the possibility of an "SQL
injection attack" by bugging you about this.  *grin*


Good luck!



More information about the Tutor mailing list