Escaping confusion with Python 3 + MySQL

[Ian Kelly]

On Sun, Mar 26, 2017 at 7:39 AM, MeV <michael.vilain at gmail.com> wrote:
> On Sunday, March 26, 2017 at 6:34:30 AM UTC-7, Νίκος Βέργος wrote:
>> with import cgitb; cgitb.enable()
>>
>> ProgrammingError(1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '(pagesID, host, ref, location, useros, browser, visits) VALUES (1, 'cyta.gr', '' at line 1")
>>
>> that is all i get form error. error_log doesnt produce errors when iam trying
>>
>> cur.execute('''UPDATE visitors SET (pagesID, host, ref, location, useros, browser, visits) VALUES (%s, %s, %s, %s, %s, %s, %s) WHERE host LIKE %s''',
>>                                                                                                                                                                                                                                                                                       (pID, domain, ref, location, useros, browser, lastvisit, domain) )
>>
>> WHY the valued aren't getting substituted wi the aeguments i give it in to work with?
>
> The % construct is Python 2 and no longer supported in Python 3. You should read up on the "{}" and format method.
>
> https://docs.python.org/3/tutorial/inputoutput.html#fancier-output-formatting

Rubbish, it works just fine in Python 3:

Python 3.6.0 (default, Jan  1 2017, 22:51:19)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> '%s %s' % ('Hello', 'world')
'Hello world'

And contrary to popular belief, it's not even deprecated (although use
of the newer format method is encouraged). What's more, in this case
it's part of the PEP 249 DBAPI specification:
https://www.python.org/dev/peps/pep-0249/#paramstyle. As far as I know
pymysql and DBAPI libraries in general don't even accept "{}".