i use python+SQLite to code. I have been trying to create a block where a user can enter a column value to delete corresponding row data in an SQLite3 database.
Practically, the code snippet below works, but i will have to enter all email addresses manually. I want to dynamically insert the email for this SQLite Line of code so as to delete corresponding records
DELETE FROM Records WHERE email = 'xyz#xyz.com'
I have tried the following;
entered_email = input('enter email: ')
string = f" 'DELETE FROM Records WHERE email = '{entered_email}'"
c.execute(string)
It does not work. I get the error line below
sqlite3.OperationalError: near "'DELETE FROM Records WHERE email = '": syntax error
I will be very glad if i can get an explanation or description on how best to go about this. thanks
Don't concatenate user input in the query string - this opnns up your code to SQL injection.
Instead, use a parameterized query:
entered_email = input('enter email: ')
c.execute('DELETE FROM Records WHERE email = ?', (entered_email, ))
Related
I am attempting to delete records from a table based on a listbox selection in my form. The table is DailyLog & UserLoggedOn where username is a variable based on user. The listbox is Me.lstRespLBPers. The field is the table is RespLBPerson. I keep getting "Expected end of Statement" error message with the word WHERE highlighted. What am I doing wrong. Code is listed below:
sql = "DELETE * FROM DailyLog_" & UserLoggedOn WHERE [RespLBPerson] <> Me.LstRespLBPers
I tried the code and expected the records to be deleted from the table but got the error message.
I have an SQL view, MyView, containing the column ID of type nvarchar.
I wish to create an Excel query which:
takes the values from a column in an Excel sheet,
composes a string corresponding to a WHERE clause for the ID column,
calls the SQL query using this parameter string.
As far as I can tell, I am trying to achieve something very analogous to
Excel cell Value as SQL query where statement
My solution is working fine on my own computer. However, when I try to share my solution with a colleague who has the same reading permissions for the database, I end up with a 'query referencing another query' problem which throws a formula.firewall error, and no data is loaded.
My solution is as follows:
I have created a data connection, Parameters, from the column named ID in Excel which contains my ID values:
let
Source = Excel.CurrentWorkbook(){[Name="Parameters"]}[Content],
#"Changed type" = Table.TransformColumnTypes(Source,{{"ID", type text}})
in
#"Changed type"
Next, I create my parameter string as a new data source, fnGetParameters:
let
Source = Excel.CurrentWorkbook(){[Name="Parameters"]}[Content],
AddString = Table.AddColumn(Source, "Custom", each "ID = " & "'" & [ID] & "' OR "),
RemoveID = Table.SelectColumns(AddString,{"Custom"}),
Custom = Text.Combine(RemoveID[Custom], ""),
Parameter = Text.Start(Custom,Text.Length(Custom)-4)
in
Parameter
which creates a nice string looking like e.g. 'ID = '1' OR ID = '2' OR ID = '3'' depending on the values in the column ID in Parameters.
Finally, I try to create my query:
let
Source = Sql.Database("MyServer", "MyDatabase",[Query="
SELECT *
FROM [MyDatabase].[dbo].[MyView]
WHERE " & fnGetParameters])
in
#"Source"
Incidentally, when removing the WHERE clause from the code above, it works fine on any computer:
let
Source = Sql.Database("MyServer", "MyDatabase",[Query="
SELECT *
FROM [MyDatabase].[dbo].[MyView]"])
in
#"Source"
so it is somehow the addition of the parameter string which causes an error.
I am trying to create an sql query that adds a string to the end of the cell. Right now I have this.
$sql = "UPDATE table SET $column1= $column1 + $newstring1, $column2 = $column2 + $newstring2, $column3 = $column3 + $newstring3, WHERE username = $user_username";
The values of $newstring1, $newstring2, and $newstring3 are formatted like "155:2,"
The idea is to add delimiters to each entry so I can easily sort them later. Right now I'm getting a syntax error on my query, but I'm new to php. Is the error because when the database is empty, there is no original variable and therefore I need to INSERT INTO instead of UPDATE, or is the comma in the string itself creating the error and do I need to somehow concatenate it?
I'm more used to C# than PHP so I'm not sure the proper way to format that type of query.
I am working with asp classical.
I am trying to take information from the user and then insert into my database.
the error is "no value given".
on line: myCon.Execute(sql);
I think it is coming from my sql statement.
var myCon, myRec, sql;
myCon = new ActiveXObject ("ADODB.Connection");
myCon.Open ("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\Users\\abc.mdb");
var bodyType = parseInt(Request.Form("cbBodyType"));
var education = parseInt(Request.Form("cbEducation"));
var eyes = parseInt(Request.Form("cbEyes"));
var hairs = parseInt(Request.Form("cbHairs"));
var heights = parseInt(Request.Form("cbHeights"));
var religion = parseInt(Request.Form("cbReligion"));
var memberID = parseInt(Session("MemberID"));
sql = "INSERT INTO Profiles (MemberID, Religion, HairColor, Eye, Education, Height, BodyType) VALUES ("+memberID+", "+religion+", "+hairs+", "+eyes+", "+education+", "+heights+", "+education+")";
myCon.Execute(sql);
myCon.Close();
EDIT: The problem is the logic. I have for example table HairColor that has an ID and a Description. ID is a primary key and its foreign key is in table Profile.
When my user enters the information, i would like to recuperate the combobox value, get the ID and then do an INSERT INTO PROFILES.
Is there an easy way to do it instead of using a lot of "where statement" ?
Try the use the following variant of code
myCon.Execute sql, 0
(without parenthesis)
My guess is that one of the following is happening:
One of the columns you are trying to populate could be a string-valued column. In that case, you need to surround your value argument with single quotes, as in this simplified-for-clarity example below:
sql = "INSERT INTO Profiles (MemberID, Religion) VALUES (" _
+ memberID + ",'" + religion + "');"
Alternatively, if you have a - All - or Please Select option as the top and default option in one of your combo boxes, and you haven't specified a value for that option, you could be returning a blank/empty string as a value. That would lead to this as the resulting (simplified-for-clarity) SQL:
Sql = "INSERT INTO Profiles (MemberID, Religion) VALUES( 235, );"
Note the absence of a value for the second column. I would have expected you to get a syntax error message instead, though, if that's what was happening.
Be aware that by doing your SQL this way, assembling a string from posted values rather than using SQL parameters, you are opening the door for a SQL injection attack. It's not a good idea.
Access 2013 - Reference an Unbound text box on a Form
I am currently trying to use an unbound text box [Text161] on a Form name [DCM_Gap_Servers] to sort information through a table. I want the query that I created to be able to take the users input from [DCM_Gap_Servers]![Text161] as the field that is being sorted from the table names 'Server'.
This is the SQL I am using right now in the query:
SELECT * FROM Servers WHERE "Forms![DCM_Gap_Servers]![Text161]" IS NULL
** I have already Tried:
"Forms![DCM_Gap_Servers]![Text161]" ; (Forms![DCM_Gap_Servers]![Text161]); Forms.[DCM_Gap_Servers]![Text161]
This will work at any time if I replace the Text Box reference with the actual Field name I am using, but since there are hundreds of combinations of fields, I need the reference to work.
I have looked all over, and I can't seem to find the correct answer. I am willing to do it in VBA if needed, whatever it takes to get the filtering done correctly.
Thank You.
It is:
SELECT * FROM Servers WHERE Forms.[DCM_Gap_Servers].[Text161] IS NULL
but that will just select all records whenever your textbox is Null.
So it rather is:
SELECT * FROM Servers WHERE SomeField = Forms.[DCM_Gap_Servers].[Text161]
To use the form value as a field name, you must use concatenated SQL:
strSQL = "SELECT * FROM Servers WHERE " & Forms![DCM_Gap_Servers]![Text161].Value & " IS NULL"
This you might pass to the SQL property of an existing query object:
MyQueryDef.SQL = strSQL
Or:
Constant SQL As String = "SELECT * FROM Servers WHERE {0} IS NULL"
FieldName = Forms![DCM_Gap_Servers]![Text161].Value
MyQueryDef.SQL = Replace(strSQL, "{0}", FieldName)
Of course, take care the the field name isn't a zero length string.