Python/MySQL query error: `Unknown column`

Question

This script is meant to act as a command-line front-end to add records to a locally hosted MySQL database.

I am getting this error:

mysql.connector.err

Answer 1

The issue is here:

add_record = "INSERT INTO fruit (name, variety) VALUES (%s, %s)" % (new_fruit, new_fruit_type)

Imagine the query this would produce:

INSERT INTO fruit (name, variety) VALUES (watermelon, something_else)

Those values aren't values anymore! They look more like column references (Unknown column 'watermelon' in 'field list')

Instead, you should use prepared statements:

query = "INSERT INTO fruit (name, variety) VALUES (%s, %s)"
cursor.execute(query, (new_fruit, new_fruit_type))

This will automatically take care of the parameterization for you, and will prevent SQL Injection