0

I'm resorting to overflow as a last ditch effort. I have been facing this bug for an incredibly long time and I have had no luck. I will try anything.

My sql command is

update_query = """
UPDATE users_data
SET stocks = """+str(stock)+"""
WHERE id = """+str(userid)
cursor = connection.cursor(buffered=True)
cursor.execute(update_query)
connection.commit()

context: the variable stock is a list before I use str() on it. userid is an int before I use str() on it. the column stocks has a datatype of mediumtext the column id has a datatype of text

the error I receive is

mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '['gme', '1'] WHERE id = 407081272293326858' at line 2

Please help

asked Jan 21, 2021 at 14:10
3
  • You should use a format string or another approach to your query as this approach is vulnerable to sql injections. Commented Jan 21, 2021 at 14:17
  • See stackoverflow.com/a/9433548/3050664. Commented Jan 21, 2021 at 14:24
  • 2
    Learn to use parameters! Commented Jan 21, 2021 at 14:33

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.