Home > Back-end >  MySQL update with variable
MySQL update with variable

Time:02-28

I am encountering a problem while updating a table. The code is from telegram bot. We are receiving messages from user, and asking him for a name. This is the variable 'first_name'. We already know his user_id which is integer. Then I am trying to do

def bd_set(body):
    cursor.execute(body)
    connect.commit()

bd_set(f"INSERT INTO user_info (user_id,first_name) VALUES({user_id},{first_name})")

and getting an error: no such column "John".

But if I try without variable, the code works:

bd_set(f"INSERT INTO user_info (user_id,first_name) VALUES({user_id},'John')")

So, I cannot input varibale (first_name), while variable'user_id' inputs easily.

what can solve the issue?

CodePudding user response:

It seems like firstname is getting parsed twice, could you try wrapping the first occurrence with backticks.

bd_set(f"INSERT INTO user_info (user_id,`first_name`) VALUES({user_id},{first_name})")

CodePudding user response:

You have a problem with quotation marks. As first_name is a string, and as you are using f string, you need to use quotation marks

bd_set(f"INSERT INTO user_info (user_id,first_name) VALUES({user_id},'{first_name}')")

You should try to use prepared statements to avoid this kind of problems and to avoid sql injection

  • Related