2

I want to add a string to the result of my query in mysql.

I tried this code:

mensaje = input ("introduzca el sms que desea enviar: ")
cursorsql1 = conectar.cursor()
sql = "select msisdn, '(mensaje)'VALUES(%s) as mensaje from perfiles where tarifa not like '%Iot%' and transparent_properties not like '%Momo%' and state like '%active%' and msisdn like '56943404789' and created_at between subdate(current_date, 1) and current_date".format(mensaje, values)
cursorsql1.executemany(sql,mensaje)
columnas = cursorsql1.fetchall()
print(columnas)

the error is this

mysql.connector.errors.ProgrammingError: Parameters for query must be list or tuple.

i want the results looks like this

| 56953404789 | some message  |

Any idea what is happening to cause my error?

Thanks in advance for any help

Improve this question
2
  • Try putting your parameter as a list: cursorsql1.executemany(sql, [mensaje]) Commented Nov 6, 2019 at 15:12
  • mysql.connector.errors.ProgrammingError: Failed executing the operation; Could not process parameters :( Commented Nov 6, 2019 at 15:16

1 Answer 1

Reset to default
1

EDIT: Provided the injection safe method:

Use the sql CONCAT function:

sql = "SELECT CONCAT(msisdn, ?) AS mensaje FROM perfiles"
cursorsql1.execute(sql, (mensaje,))

Note that on sqlite there is no CONCAT function, instead use the || operator:

"SELECT msisdn || ? AS mensaje FROM perfiles"
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thankkkkss this work in this way: "SELECT msisdn, '{}' as mensaje from....".format(mensaje)
For the record that's very dangerous if you're designing it for other people to use, it's prone to SQL injection attacks.
Thank you for the warning but it is for my personal use :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.