Populating a PostgreSQL database with Python error -


i'm trying populate database, getting syntax error.

i have multiple lists data, several lists include lists.

injury_act_1 = ('2017-01-16 15:36:38','injury','unsafe act', 'true', 'false', 'while lifting 50 lb item floor onto wokrstation, employee felt sharp pain in lower back.','the employee ran out of room on workstation because takeaway conveyor inoperable')

this repeats 10 times. there more lists action items injuries, audits, , action items audits.

i have function insert these database.

def populate():     params = config()     # connect postgresql server     conn = psycopg2.connect("dbname = safety")     cur = conn.cursor()      in range(len(injuries)):         incident = (             """             insert incident (                             date_time,                             incident_type,                             incident_cat,                             injury,                             property_damage,                             description,                             root_cause                             )                 values (                     """+ injuries[i][0] +""",                     """+ injuries[i][1] +""",                     """+ injuries[i][2] +""",                     """+ injuries[i][3] +""",                     """+ injuries[i][4] +""",                     """+ injuries[i][5] +""",                     """+ injuries[i][6] +"""             """)          cur.execute(incident)         print("injury case added!")          action_items = (             """             insert action_items (                             case_id,                             finding,                             corrective_action                             )                 values (                     """+ (i+1) +""",                     """+ injuries[i][4] +". "+ injuries[i][5] +""",                     """+ actions[i] +""",                     )              """             )          cur.execute(action_items)         print("action item added!")      j in range(len(audits)):         audit = (             """             insert audit (                             date_time,                             type,                             que_1,                             que_2,                             que_3,                             ans_1,                             ans_2,                             ans_3,                             )                 values (                     """+ str(audits[i][0]) +""",                     """+ audits[i][1] +""",                     """+ audits[i][2] +""",                     """+ audits[i][3] +""",                     """+ audits[i][4] +""",                     """+ audits[i][5] +""",                     """+ audits[i][6] +""",                     """+ audits[i][7] +"""             """             )          cur.execute(audit)         print("audit added!")          action_items_a = (             """             insert action_items (                             audit_id,                             finding,                             corrective_action                             )                 values (                     """+ (i+1) +""",                     'audit deficiency',                     """+ actions_a[i] +""",                     )             """             )          cur.execute(action_items_a)         print("action item added!")      cur.close()     conn.commit()  populate()

i keep getting error:

traceback (most recent call last):     file "database_populator.py", line 204, in <module>         populate()     file "database_populator.py", line 137, in populate         cur.execute(incident) psycopg2.programmingerror: syntax error @ or near "15" line 12:        2017-01-16 15:36:38,                             ^

take step here , @ how you'e forming query. try avoid using string concatenation query building, , user-supplied input of kind. it's not bug-prone (as have found) a security nightmare.

your code should use psycopg2's bind parameter support, looking more like:

incident = (             """             insert incident (                             date_time,                             incident_type,                             incident_cat,                             injury,                             property_damage,                             description,                             root_cause                             )                 values (""" + (["%s"] * 7).join(", ") + ")"     cur.execute(incident, injuries)

so lets psycopg2 take care of escaping , formatting.

you can write out 7 literal %ss, %s, %s, %s, ... if want. prefer above form.

this way if tricks app accepting string in injuries, ');drop table incident;--, won't in such trouble.


Comments

Post a Comment

Popular posts from this blog

ubuntu - PHP script to find files of certain extensions in a directory, returns populated array when run in browser, but empty array when run from terminal -

i running os ububtu 16.04. ultimate goal able run php script cron job every minute. here php script located @ /var/www/html/tests/test/index.php : <?php $directorypath = $_server['document_root']."/tests/test/data/"; echo "directorypath: $directorypath<br><br>";//check $imagefilepathsarray = glob($directorypath . "*.{png,gif}", glob_brace); echo "<br><br>imagefilepathsarray: "; print_r($imagefilepathsarray);//check ?> when open php script in browser visiting url my-ip-address/tests/test/index.php , get: directorypath: /var/www/html/tests/test/data/ imagefilepathsarray:array( [0] => /var/www/html/tests/test/data/pic.png [1] => /var/www/html/tests/test/data/pic.gif ) before writing cron job in crontab file, need check if can run anywhere using terminal . opened ubuntu terminal @ /home/ location, , executed in terminal: sudo php /var/www/html/tests/test/index.php i got following out...
Read more

php - How can i create a user dashboard -

today have questions you, want create user dashboard site, include (obviously), users data, example -email -username -and others stuff how can information, , print them in html page? if can, how can these information via php sessions? shuld use session? example, if user login, , start new session ( session_start() ), how can data print in dashboard? should use php "project"? in advice, have day , thank time!
Read more

javascript - How to detect toggling of the fullscreen-toolbar in jQuery Mobile? -

i have jquery mobile page fixed full-screen toolbar, data-tap-toggle enabled. straight under toolbar have positioned banner should slide upwards when toolbar hiding , slide downward when toolbar showing. jquery mobile toggles toolbar applying , removing ui-fixed-hidden class - sadly, can't find in documentation of toolbar widget toggle , hide or show event that. how can detect when toolbar toggled, reposition banner? .banner { position: fixed; background-color: darkseagreen; top: 46px; min-height: 48px; width: 100%; text-align: center; line-height: 48px; } <!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <link rel="stylesheet" href="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.css"> <script src="https://code.jquery.com/jquery-1....
Read more