I am encountering a problem while updating a table. The code is from telegram bot. We are receiving messages from user, and asking him for a name. This is the variable 'first_name'. We already know his user_id which is integer. Then I am trying to do
def bd_set(body):
cursor.execute(body)
connect.commit()
bd_set(f"INSERT INTO user_info (user_id,first_name) VALUES({user_id},{first_name})")
and getting an error:
no such column "John".
But if I try without variable, the code works:
bd_set(f"INSERT INTO user_info (user_id,first_name) VALUES({user_id},'John')")
So, I cannot input varibale (first_name), while variable'user_id' inputs easily.
what can solve the issue?
CodePudding user response:
It seems like firstname is getting parsed twice, could you try wrapping the first occurrence with backticks.
bd_set(f"INSERT INTO user_info (user_id,`first_name`) VALUES({user_id},{first_name})")
CodePudding user response:
You have a problem with quotation marks. As first_name is a string, and as you are using f string, you need to use quotation marks
bd_set(f"INSERT INTO user_info (user_id,first_name) VALUES({user_id},'{first_name}')")
You should try to use prepared statements to avoid this kind of problems and to avoid sql injection