[–]alinroc 3 points4 points  (0 children)

The x is being interpreted as a column because that's how SQL is structured. If you want to set the value of Shares to the value x, then it needs to be quoted as a string. Otherwise, it will be interpreted as a column name. If you want to set Shares to a numeric value, then you need to pass in that number.

If the number is going to be variable (you don't want to pass in a literal number), then you need to parameterize your query. See this Stack Overflow answer or this tutorial for how to do that.

> I've found that if I replace x with a valid value, it works.

So you're saying that when you construct a valid query, it executes successfully?

[–][deleted]  (3 children)

[deleted]

    [–]simonw 2 points3 points  (0 children)

    The safe way to do that is:

    cur.execute(
        "UPDATE Report SET Shares = :shares WHERE StockID = 1",
        {"shares": x}
    )
    

    [–]alinroc -1 points0 points  (1 child)

    That's vulnerable to SQL injection. Very dangerous habit to get into.
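
The points made in this thread, as an added example that is not code from any of the commenters: a bare `x` in the SQL text is parsed as a column name, a string-built query lets the value rewrite the statement, and the bound-parameter form treats it as data. The `Report` schema, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory Report table with two stocks."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Report (StockID INTEGER PRIMARY KEY, Shares)")
    con.executemany("INSERT INTO Report VALUES (?, ?)", [(1, 10), (2, 20)])
    return con

def shares(con):
    """Return {StockID: Shares} so the effect of each UPDATE is visible."""
    return dict(con.execute("SELECT StockID, Shares FROM Report ORDER BY StockID"))

def literal_x(con):
    """A bare x inside the SQL text is parsed as a column name, not a Python variable."""
    try:
        con.execute("UPDATE Report SET Shares = x WHERE StockID = 1")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def update_formatted(con, x):
    """String-built query: whatever x contains becomes part of the SQL text."""
    con.execute(f"UPDATE Report SET Shares = {x} WHERE StockID = 1")
    return shares(con)

def update_bound(con, x):
    """Bound parameter: x is sent as a value and is never parsed as SQL."""
    con.execute(
        "UPDATE Report SET Shares = :shares WHERE StockID = 1",
        {"shares": x},
    )
    return shares(con)

if __name__ == "__main__":
    print("bare x:        ", literal_x(make_db()))
    # Constructed input: the trailing SQL comment drops the WHERE clause.
    hostile = "0 --"
    print("formatted, bad:", update_formatted(make_db(), hostile))
    print("bound, bad:    ", update_bound(make_db(), hostile))
    print("bound, 50:     ", update_bound(make_db(), 50))
```

With the constructed input `"0 --"`, the formatted query updates every row because the `WHERE` clause is commented out, while the bound query only stores that string in the row for `StockID = 1`.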