Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
W
W
Wearant2021-12-01 02:30:13
Python
Wearant, 2021-12-01 02:30:13

How to update psycorp2 data?

Please tell me what is the reason for the error?

db_connection = psycopg2.connect(DB_URI, sslmode="require")
db_object = db_connection.cursor()
db_object.execute(f"UPDATE users SET first_name = {first_name} WHERE id = {user_id}")


syntax error at or near "Paul"
LINE 1: UPDATE users SET first_name = Paul WHERE id =*****
^

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
antares4045, 2021-12-01
@Wearant

db_object.execute(f"UPDATE users SET first_name =? WHERE id =? ", [first_name, user_id] )
Or at least
db_object.execute(f"UPDATE users SET first_name = '{first_name}' WHERE id = '{ user_id}' ")
Read up on sql injections at your leisure: the anecdote about a student named DROP DATABASE will become clearer.
Upd:
Toli psycopg2, roofing felts cx_Oracle three years ago required to explicitly specify the type of injected: that is, perhaps all the question marks should be put % s

Similar questions
C
csharpnoob2017-07-03 15:06:31
How to implement a generic repository in c#? 3Reply
K
Kirill Morozov2017-07-17 18:31:57
How to rewrite code that works in Python 2.7 so that it works in version 3.6? 2Reply
Q
Quick Home2017-07-20 16:20:42
Which CMS to take for a project/portfolio archive with sorting by several parameters? 4Reply
N
NikSIk312019-12-28 11:58:06
Literature on cryptography: from school to university? 4Reply
T
timonck2020-12-31 18:22:49
How to overwrite values ​​in an array of objects? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question