0

i created 2 python script

in the 1st script i used tkinter to get the Entry of the user, then i created a button to submit the entry, the button calls a function that calls the 2nd Script as a Module

the 2nd Script i created for the queries, i used Mysql-Python-Connector, in this script i created a function with a parameter, the parameter would be the Text Variable from the first Script.

The Problem: Everytime i run the Script this error pops up:

Exception in Tkinter callback
Traceback (most recent call last):
  File "/usr/lib64/python3.8/tkinter/__init__.py", line 1883, in __call__
    return self.func(*args)
  File "mainsoft.py", line 14, in insname
    querymod.dbins(nameget)
  File "/home/akeno/Documents/giveaway/redesign/main/stack/querymod.py", line 13, in dbins
    concursor.execute(querydb,aux)
  File "/home/akeno/.local/lib/python3.8/site-packages/mysql/connector/cursor.py", line 569, in execute
    self._handle_result(self._connection.cmd_query(stmt))
  File "/home/akeno/.local/lib/python3.8/site-packages/mysql/connector/connection.py", line 598, in cmd_query
    result = self._handle_result(self._send_cmd(ServerCmd.QUERY, query))
  File "/home/akeno/.local/lib/python3.8/site-packages/mysql/connector/connection.py", line 486, in _handle_result
    raise errors.get_exception(packet)
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%s)' at line 1

Heres the 1st Script:

mainsoft.py

from tkinter import *
from tkinter import ttk
import tkinter


root = tkinter.Toplevel()

def insname():

    nameget = varname.get()

    import querymod

    querymod.dbins(nameget)    

namelb = Label(root, text = "Name")
namelb.pack()

varname = StringVar()

nameEntry = Entry(root, textvariable = varname)
nameEntry.pack()

submitButton = Button(root, command = insname)
submitButton.pack()

root.mainloop()

Heres the 2nd script, the query script:

querymod.py

import mysql.connector

def dbins(param1):
    con = mysql.connector.connect(user = 'user1', password = 'yourpassword', host = '127.0.0.1', database = 'Student')

    concursor = con.cursor()

    aux = (param1)

    querydb = """insert into Student(Name) values(%s)"""

    concursor.execute(querydb,aux)

    con.commit()
    con.close()

Any ideas how to solve this? thanks for reading.

Improve this question
1
  • 1
    Change this aux = (param1) to this aux = (param1,) Commented May 23, 2020 at 5:44

1 Answer 1

Reset to default
1

Try instead of : 

aux = (param1)

querydb = """insert into Student(Name) values(%s)"""

concursor.execute(querydb,aux)

This : 

aux = (param1)

querydb = "insert into Student(Name) values('{}')".format(aux)

concursor.execute(querydb)
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

isn't it insecure to use .format in this case, because in other post i read that this could allow sql injection, will it be fine if i use format or is there another way to fix this problem but using the (%s)? i want the database to be safe too.
I am using this format in one of my tkinter project. I faced no problems whatsoever.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.