what does sqlite3.OperationalError: near "t": syntax error means
Suppose name
contains a single quote followed by a t
, as in
name = "don't look now"
sql = "update foo set is_processed=1 where bar='"+name+"'"
Then sql
would equal
In [156]: sql
Out[156]: "update foo set is_processed=1 where bar='don't look now'"
and sqlite3 will think the conditional is where bar='don'
followed by a syntax error, t look now'
. sqlite3
then raises
sqlite3.OperationalError: near "t": syntax error
This is an example of why you should always use parametrized SQL. To avoid this problem (and protect your code from SQL injection attacks), use parametrized SQL and pass a sequence (or, depending on the paramstyle, a mapping) of values as the second argument to cursor.execute
:
sql = "update foo set is_processed=1 where bar=?"
cursor.execute(sql, [name])
When you pass arguments (such as [name]
) as the second argument tocursor.execute
, sqlite3 will escape the single-quote for you.
Per the Python Database API, when you pass parameters
as the second argument to cursor.execute
(my emphasis):
The module will use the
__getitem__
method of the parameters object to map
either positions (integers) or names (strings) to parameter values. This
allows for both sequences and mappings to be used as input.The term bound refers to the process of binding an input value to a database
execution buffer. In practical terms, this means that the input value is
directly used as a value in the operation. The client should not be required
to "escape" the value so that it can be used — the value should be equal to
the actual database value
Here is a runnable toy example to help see the problem and how it is avoided using parametrized SQL:
import sqlite3
with sqlite3.connect(':memory:') as conn:
cursor = conn.cursor()
cursor.execute('''CREATE TABLE foo
(id INTEGER PRIMARY KEY AUTOINCREMENT,
bar TEXT,
is_processed BOOL)''')
name = "don't look now"
sql = "update foo set is_processed=1 where bar='"+name+"'"
print(sql)
cursor.execute(sql)
# comment out `cursor.execute(sql)` above and compare with
# sql = "update foo set is_processed=1 where bar=?"
# cursor.execute(sql, [name])
SQLite3 OperationalError: near "(": syntax error
If your intent is to fetch ISD_NAME
column values and replace "Statewide" with " Statewide" remove ISD_NAME
after SELECT
statement.
For instance, assuming you have a table like this:
CREATE TABLE enr("id" PRIMARY KEY, "ISD_NAME" VARCHAR);
INSERT INTO enr VALUES (1, "somethingStatewide");
Your script becomes:
cmd = 'SELECT replace(ISD_NAME,"Statewide"," Statewide") FROM enr'
cur.execute(cmd)
Test with print:
records = cur.fetchall()
print(records)
Here the result:
[(u'something Statewide',)]
sqlite3.OperationalError: near "=": syntax error
You should not use the parentheses after your SET
operator.
You can have more details on the following resources:
- The official query language documentation: https://www.sqlite.org/lang_update.html
- One of many tutorials: http://www.sqlitetutorial.net/sqlite-update/
Your query should be UPDATE rfidTage SET forename = ?, surename = ?, permission = ? WHERE id = ?
.
sqlite3.OperationalError: near ",": syntax error, select where in
Your query is syntactically correct if the version of SQLite you are using is 3.15.0+.
I suspect that it is older, so ROW VALUES are not supported.
Here is an equivalent query that uses EXISTS
:
SELECT t.a, t.b, t.c
FROM belge_yeni t
WHERE EXISTS (SELECT 1 FROM belge_yeni WHERE a = t.a AND b = t.b AND rowid <> t.rowid)
ORDER BY t.a, t.b DESC
What does sqlite3.OperationalError: near "-": syntax error mean?
Vertriebs- und Verwaltungskosten INTEGER,
You can't put a dash directly in the code. Instead, wrap each variable name
in quotation marks (or remove the dash).
"Vertriebs- und Verwaltungskosten" INTEGER,
Getting error "sqlite3.OperationalError: near ")": syntax error"
You have an extra parenthesis in this line
sql= "INSERT INTO inventory(car_make,car_model, registration_plate,colour,cost,total_cost,selling_price,assumed_profit) VALUES) (?,?,?,2,?,?,2,?)"
VALUES)
should be VALUES
.
sqlite3.OperationalError: near "%": syntax error searching wildcard
You must concatenate the wildcards to the placeholder:
cursor.execute("SELECT * FROM article WHERE name LIKE '%' || ? || '%'", (letter,)).fetchall()
sqlite3.OperationalError: near "?": syntax error while trying to import data from csv into sqlite
Your syntax is missing VALUES
:
INSERT INTO users VALUES(?,?,?)
Related Topics
Add Numpy Array as Column to Pandas Data Frame
Valueerror: Time Data Does Not Match Format When Parsing a Date
How-To Run Tensorflow on Multiple Core and Threads
How to Get Interactive Plots Again in Spyder/Ipython/Matplotlib
Split/Explode a Column of Dictionaries into Separate Columns With Pandas
How to Add a Path to Pythonpath in Virtualenv
How to Print Only the Last Value in a for Loop
Splitting One CSV into Multiple Files
Adding a Data File in Pyinstaller Using the Onefile Option
Filenotfounderror: [Errno 2] No Such File or Directory
How to Make Python Get the Username in Windows and Then Implement It in a Script
Masking User Input in Python With Asterisks
Filtering a Pyspark Dataframe Using Isin by Exclusion
Print the Student Name and the Score of Student in Python3
How to Make a Tkinter Label Background Transparent