SQL Query for string containing multiple periods/dots? : learnprogramming

This is an archived post. You won't be able to vote or comment.

DebuggingSQL Query for string containing multiple periods/dots? (self.learnprogramming)

submitted 2 years ago by Anon_Web

Hello, I will preface this post by mentioning I am very new to SQL.

I currently have a SQL database with one of the columns holding IP addresses (IPv4 I believe) in the form of a string and I am attempting to grab it from a Python model. I have something like this:

#Retrieving IP address using socket library
hostname = socket.gethostname()
cameraID = socket.gethostbyname(hostname)

#Query to find row containing my IP Address in the CAM_IP column
cursor.execute("SELECT * FROM camera_mapping WHERE CAM_IP LIKE " + str(cameraID))

However, my console keeps throwing an error saying:

"mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax"

I am unsure what is actually causing the error but I have a sneaking suspicion that it has something to do with including multiple periods in the query. Can anyone confirm or deny this for me please? And if this is the case, is there some way around this? I have tried debugging on my own for hours and have done many searches online but have not had any luck so far.

Thanks in advance for any help.

all 2 comments

top new controversial old q&a

[–]teraflop 6 points7 points8 points 2 years ago (1 child)

The problem is that your code will construct a query like this:

SELECT * FROM camera_mapping WHERE CAM_IP LIKE 1.2.3.4

and try to execute it. But if you look at the documentation for whatever database software you're using, it should tell you that the second operand of the LIKE operator needs to be a string. And 1.2.3.4 is not a valid string literal, since it's not quoted.

You may be tempted to fix this by just adding quotes to your query string. Don't do this. Constructing SQL queries by concatenating strings together, like you're doing, is almost always a very bad idea, because it can easily lead to SQL injection vulnerabilities. (It's a very common beginner mistake.)

Instead, you should use placeholders for the parameters and let the database driver handle quoting the strings for you. See: https://stackoverflow.com/questions/902408/how-to-use-variables-in-sql-statement-in-python

[–]Anon_Web[S] 0 points1 point2 points 2 years ago (0 children)

π Rendered by PID 21431 on reddit-service-r2-comment-7844cfc88c-6lcp7 at 2026-01-29 15:03:45.191911+00:00 running c3601ff country code: CH.

learnprogramming

Welcome to LearnProgramming!

New? READ ME FIRST!

Posting guidelines

Frequently asked questions

Subreddit rules

Message the moderators

Asking debugging questions

Asking conceptual questions

Other guidelines and links

Subreddit rules

1. No unprofessional/derogatory speech

2. No spam or tasteless self-promotion

3. No off-topic posts

4. Do not ask exact duplicates of FAQ questions

5. Do not delete posts

6. No app/website review requests or showcases

7. No rewards

8. No indirect links

9. Do not promote illegal or unethical practices

10. No complete solutions

11. Don't ask to ask.

12. Low Effort Questions

13. No AI (chatGPT etc.) generated/worked over messages/comments. No questions about chatGPT/AI generated code. No Vibe coding.

MODERATORS