DEV Community

Hussein Ouda

A problem with a Python function to modify the information in the database

I wrote a Python function to modify the data and information entered in the database:

import pymysql

def update(self):
    # Open a connection to the local MySQL database
    con = pymysql.connect(
        host='localhost',
        user='root',
        password='',
        database='employ')
    try:
        cur = con.cursor()
        # The %s placeholders are filled in by the driver from the tuple of form values
        cur.execute(
            "update employees set family_members=%s, social_status=%s, gender=%s, "
            "date_birth=%s, id_number=%s, mail=%s, name=%s where id=%s",
            (
                self.family_members_var.get(),
                self.social_status_var.get(),
                self.gender_var.get(),
                self.date_birth_var.get(),
                self.id_number_var.get(),
                self.mail_var.get(),
                self.name_var.get(),
                self.id_var.get(),
            ))
        con.commit()
    finally:
        # Close the connection even if the statement fails
        con.close()
    # Refresh the displayed rows and reset the form fields
    self.fetch_all()
    self.clear()

I got the following error:

pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1")

Please help.

Discussion (2)

Vincent Milum Jr

Instead of executing the SQL, print the SQL out to the console or a file.

You'll start to notice that the way you're building the SQL query string is unsafe, if it is doing in-place replacing without converting to SQL native and properly escaped strings.

Hussein Ouda Author

I did not understand what you meant!
Can an example be given?
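An added example for the two points raised in the discussion (it is not code from the post or from either commenter): print the statement before running it, and compare in-place string replacement with values bound through placeholders. It assumes an in-memory sqlite3 database as a stand-in for MySQL so that it runs offline; the three-column table, the sample row and all function names are constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table and row, reduced to three of the post's columns.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, mail TEXT)")
    con.execute("INSERT INTO employees VALUES (1, 'old name', 'old@example.com')")
    con.commit()
    return con

def build_unsafe_sql(name, mail, emp_id):
    # In-place replacement: the values become part of the SQL text, unescaped.
    return "UPDATE employees SET name='%s', mail='%s' WHERE id=%s" % (name, mail, emp_id)

def update_unsafe(con, name, mail, emp_id):
    sql = build_unsafe_sql(name, mail, emp_id)
    print("SQL text:", sql)  # print the statement before executing it
    try:
        con.execute(sql)
        con.commit()
        return "ok"
    except sqlite3.Error as exc:
        return "error: %s" % exc

def update_bound(con, name, mail, emp_id):
    # Placeholders: the SQL text is fixed, the driver passes the values separately.
    # sqlite3 writes "?" where PyMySQL writes "%s".
    sql = "UPDATE employees SET name=?, mail=? WHERE id=?"
    args = (name, mail, emp_id)
    print("SQL text:", sql, "| values:", args)
    cur = con.execute(sql, args)
    con.commit()
    return cur.rowcount  # number of rows changed

def current_row(con, emp_id):
    return con.execute("SELECT name, mail FROM employees WHERE id=?", (emp_id,)).fetchone()

if __name__ == "__main__":
    con = make_db()
    print(update_unsafe(con, "O'Brien", "ob@example.com", 1))  # quote ends the string early
    print(current_row(con, 1))
    print(update_bound(con, "O'Brien", "ob@example.com", 1))   # same input, bound
    print(current_row(con, 1))
    print(update_bound(con, "x", "x@example.com", ""))         # empty id field matches no row
```

With PyMySQL itself, `cur.mogrify(query, args)` returns the exact string that `cur.execute(query, args)` would send, which is the statement to print when chasing a 1064 error.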