Escaping confusion with Python 3 + MySQL

[breamoreboy at gmail.com]

On Sunday, March 26, 2017 at 4:11:54 PM UTC+1, Νίκος Βέργος wrote:
> Τη Κυριακή, 26 Μαρτίου 2017 - 5:49:00 μ.μ. UTC+3, ο χρήστης Ian έγραψε:
> 
> > The database wrapper won't do substitution into the middle of a string
> > like that. Either concatenate the literal %'s on in the SQL statement
> > or add them to the string before you pass it in, i.e. '%' + domain +
> > '%' or '%%%s%%' % domain or '%{}%'.format(domain).
> 
> I just tried:
> 
> domain = '.'.join( host.split('.')[-2:] )
> domain = '%' + domain + '%'
> 
> cur.execute('''UPDATE visitors SET (pagesID, host, ref, location, useros, browser, visits) VALUES (%s, %s, %s, %s, %s, %s, %s) WHERE host LIKE "%s" ''', 
> 																																			(pID, domain, ref, location, useros, browser, lastvisit, domain) )
> 
> 
> and i received no error in the error_log but
> ProgrammingError(1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '(pagesID, host, ref, location, useros, browser, visits) VALUES (1, '%cyta.gr%', ' at line 1")
> 
> which you can see at http://superhost.gr
> 
> You said somethign about concatenating the literal % in the SQL to which i didnt actually i understand how to implement.

I knew that I had a sense of deja vu about this https://mail.python.org/pipermail/python-list/2013-June/649809.html

Kindest regards.

Mark Lawrence