4

I use psycopg2 for postgresql. Here is my snippet:

a = "INSERT INTO tweets (Time) VALUES (%s);" % (datetime.now(),)

cursor.execute(a)

This won't work and gives me an error:

ProgrammingError: syntax error at or near "20"
LINE 1: INSERT INTO tweets (Time) VALUES (2016-10-03 20:14:49.065092...

However, if I run this way:

cursor.execute("INSERT INTO tweets (Time) VALUES (%s);", (datetime.now(),))

It works. I want to know what the difference between these two expressions is, and what is wrong with the first one. Can I do this using the first structure?

1
  • 1
    The first uses Python string substitution. The second uses Psycopg parameter passing and is the only recommended one. Commented Oct 4, 2016 at 9:03

1 Answer

7

If you check the first query, it states INSERT INTO tweets (Time) VALUES (2016-10-03 20:14:49.065092..., which means it tries to use an unquoted value as a time, and this won't work.

If you really want to use your first approach, you have to quote the value:

a = "INSERT INTO tweets (Time) VALUES ('%s');" % (datetime.now(),)
cursor.execute(a)

I'd suggest you use the second approach, where the client library handles all the quoting and usually prevents a lot of possible problems like SQL injection.


1 Comment

Don't even suggest using the first approach
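
An added example (not part of the original question, answer or comments) that runs the variants discussed above side by side: unquoted formatting, hand-quoted formatting, and parameter passing. It uses Python's built-in sqlite3 as a stand-in for psycopg2/PostgreSQL so it runs without a server, which means the bound placeholder is `?` rather than `%s`; the Body column, the helper names and the sample values are constructed for illustration.

```python
import sqlite3
from datetime import datetime

# Constructed sample values (assumptions, not from the original post).
NOW = datetime(2016, 10, 3, 20, 14, 49, 65092)
APOSTROPHE = "It's 8pm"                        # ordinary text with a quote in it
CLOSES_LITERAL = "a'), ('2000-01-01', 'extra"  # text that ends the SQL literal early

QUOTED = "INSERT INTO tweets (Time, Body) VALUES ('%s', '%s');"


def new_db():
    # sqlite3 in memory stands in for the PostgreSQL table from the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tweets (Time TEXT, Body TEXT)")
    return conn


def rows(conn):
    return conn.execute("SELECT Time, Body FROM tweets ORDER BY rowid").fetchall()


def run_formatted(template, values):
    """Build the SQL text with Python's % operator, as in the first snippet."""
    conn = new_db()
    try:
        conn.execute(template % values)
    except sqlite3.Error as exc:
        return "error: %s" % exc
    return rows(conn)


def run_bound(body):
    """Pass values separately; they are never spliced into the SQL text."""
    conn = new_db()
    conn.execute("INSERT INTO tweets (Time, Body) VALUES (?, ?);",
                 (NOW.isoformat(" "), body))
    return rows(conn)


if __name__ == "__main__":
    # Unquoted: the database sees 2016-10-03 20:14:... as SQL tokens and rejects it.
    print(run_formatted("INSERT INTO tweets (Time) VALUES (%s);", (NOW,)))
    # Hand-quoted: fine for a plain value, breaks on an apostrophe, and a value
    # that closes the literal changes the statement itself (two rows stored).
    print(run_formatted(QUOTED, (NOW, "hello")))
    print(run_formatted(QUOTED, (NOW, APOSTROPHE)))
    print(run_formatted(QUOTED, (NOW, CLOSES_LITERAL)))
    # Bound: both awkward values are stored verbatim as a single row each.
    print(run_bound(APOSTROPHE))
    print(run_bound(CLOSES_LITERAL))
```

With psycopg2 the bound form is the second snippet from the question, `cursor.execute(sql, params)` with `%s` placeholders and no quotes around them.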
