python, mysql, insert, prepared-statement, pymysql

PyMySQL: Inserting data with a prepared statement


I am trying to insert data in the database using a prepared statement. All my columns in the database are VARCHAR, but PyMySQL gives the following error:

Not all arguments converted during string formatting  

All variables are parsed child nodes from an XML file. An example of a variable:

try:
    description1 = product.getElementsByTagName('description')[0]
    description = description1.childNodes[0].data
except IndexError:
    print('No description')
    description = 'None'

When I insert the data without the prepared statement, it works fine. But I want to use prepared statements for the escape characters.

This is my prepared statement code:

        sql = """INSERT INTO Studystore(daisycon_unique_id, title, author, isbn, price, link, image_location, category, product_condition, description, in_stock, in_stock_amount, price_shipping, language, book_edition, number_of_pages, status, insert_date, update_date)
          VALUES ('%s')"""

        args = (str(daisycon_unique_id), str(title), str(author), str(isbn), str(price), str(link), str(image_location), str(category), str(product_condition), str(description), str(in_stock), str(in_stock_amount), str(price_shipping), str(language), str(book_edition), str(number_of_pages), str(status), str(insert_date), str(update_date),)

        try:

            # Execute the SQL command
            cursor.execute(sql, args)
            # Commit your changes in the database
            db.commit()

        except Exception as e: 
            print(e)

Solution

  • I saw what was going wrong. This is the working code:

    # Prepare SQL query to INSERT a record into the database.
    # One bare %s per column: the driver quotes and escapes each value itself,
    # so wrapping a placeholder in quotes would store those quotes in the column.
    sql = """INSERT INTO Studystore(daisycon_unique_id, title, author, isbn, price, link, image_location, category, product_condition, description, in_stock, in_stock_amount, price_shipping, language, book_edition, number_of_pages, status, insert_date, update_date)
      VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"""

    # The number of values must match the number of placeholders (19 here).
    args = (daisycon_unique_id, title, author, isbn, price, link, image_location, category, product_condition, description, in_stock, in_stock_amount, price_shipping, language, book_edition, number_of_pages, status, insert_date, update_date,)

    try:
        # Execute the SQL command; args are bound by the driver, not by string formatting
        cursor.execute(sql, args)
        # Commit your changes in the database
        db.commit()
    except Exception as e:
        print(e)
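
The following is an added example, not code from the original post. PyMySQL binds parameters on the client: it escapes each argument into a quoted literal and then applies Python `%` formatting, which explains both the question's error and what happens when a placeholder is wrapped in quotes. The helpers `quote_literal`, `render` and `build_insert` and the sample row are hypothetical; `quote_literal` is a simplified stand-in for the driver's escaping so the example runs without a database.

```python
# Simplified offline model of PyMySQL's client-side binding (illustration only;
# real code passes args to cursor.execute() and lets the driver escape them).
_ESCAPES = str.maketrans({
    "\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0", "\n": "\\n", "\r": "\\r",
})


def quote_literal(value):
    """Return value as a quoted, escaped SQL string literal (None -> NULL)."""
    return "NULL" if value is None else "'" + str(value).translate(_ESCAPES) + "'"


def render(sql, args):
    """Model of the driver's substitution: escape each arg, then sql % args."""
    return sql % tuple(quote_literal(a) for a in args)


def build_insert(table, columns):
    """Build an INSERT with exactly one bare %s placeholder per column."""
    for name in (table, *columns):
        if not name.isidentifier():  # identifiers cannot be bound as parameters
            raise ValueError(f"unexpected identifier: {name!r}")
    placeholders = ", ".join(["%s"] * len(columns))
    return f"INSERT INTO {table}({', '.join(columns)}) VALUES ({placeholders})"


# Constructed sample row using three of the question's columns.
COLUMNS = ("title", "author", "description")
ROW = ("Dune", "O'Brien", '5" x 8" edition')


def single_placeholder_error():
    """The question's form: one '%s' for several args raises TypeError."""
    try:
        render("INSERT INTO Studystore(title, author, description) VALUES ('%s')", ROW)
    except TypeError as exc:
        return str(exc)
    return None


def quoted_placeholders():
    """Quoting the placeholder nests the driver's quotes inside yours."""
    return render('SELECT "%s"', ("Dune",))


def bare_placeholders():
    """One bare %s per column: every value arrives quoted and escaped once."""
    return render(build_insert("Studystore", COLUMNS), ROW)
```

Generating the placeholder list from the column tuple keeps the two counts equal by construction, which removes the mismatch that caused the error in the question.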