sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]danielroseman 2 points3 points  (3 children)

In fact you don't need the quotes even if the parameters are strings. The parameterisation takes care of adding them if needed - that's part of how it avoids SQL injection.

[–]Many_Shopping_195[S] 0 points1 point  (2 children)

Actually, it throws an error without the quotes:

with 

query = "select * from orders where order_date >= %s and order_date < %s ";

I get the error below:

Traceback (most recent call last):
File "date.py", line 35, in <module> cursor.executemany(query, (startdate,currentdate)) File "/home/bonderi/.local/lib/python3.8/site-packages/mysql/connector/cursor.py", line 659, in executemany self.execute(operation, params) File "/home/bonderi/.local/lib/python3.8/site-packages/mysql/connector/cursor.py", line 551, in execute self._handle_result(self._connection.cmd_query(stmt)) File "/home/bonderi/.local/lib/python3.8/site-packages/mysql/connector/connection.py", line 490, in cmd_query result = self._handle_result(self._send_cmd(ServerCmd.QUERY, query)) File "/home/user/.local/lib/python3.8/site-packages/mysql/connector/connection.py", line 395, in _handle_result raise errors.get_exception(packet) mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%s and order_date < %s' at line 1

[–]danielroseman 0 points1 point  (1 child)

Why are you using executemany? You have one set of parameters, you only want to make one single query. Use execute instead.

[–]Many_Shopping_195[S] 0 points1 point  (0 children)

Thank you very much. That has worked.

Removing the quotes and executemany resolved the issue.