pythondatabasesqlitesqlite3-python

An error happens when I try to add data to SQLite3 database in python

I've already create an app to show, add, delete and update skills in the database using python and SQLite 3. Inside of the app I used functional method. The algorithm I used is :

  1. print the explanation for the user
  2. waiting for user to enter which action he want
  3. go to the function using his entry
 # check if command is exist
    if user_input in commands_list:
        print(f"the command {user_input} founded")
        if user_input == "s":
            show_skills()
        elif user_input == "a":
            add_skill()
        elif user_input == "d":
            delete_skill()
        elif user_input == "u":
            update_skill()
        else:
            quitTheApp()
    else:
        print(f"Sorry the command \"{user_input}\" is not exist.")
  1. The function add_skills() first asks for skill name to add it but before that it checks if it's exist in the database or not, if it's exist it add it normally otherwise it tell the user this skill is already exists and asks if he want to change the progress. this is the add function :
def add_skill():
        sk = input("Write skill name: ").strip().capitalize()

        cr.execute(
            f"select name form skills where name = {sk} and id = {uid}")
        result = cr.fetchone()

        if result == None:
            prog = input("Write skill progress: ").strip()
            cr.execute(
                f"insert into skills(name, progress, id) values('{sk}', '{prog}', '{uid}')")
            print("Data has been added.")

        else:
            print("This skill is already exist in database.")
            print("Do you want to update the progress of it ? (y/n)", end=" ")
            theA = input().strip().lower()

            match theA:
                case "y":
                    Nprog = input("Write the new skill progress: ").strip()

                    cr.execute(
                        f"update skills set progress = '{Nprog}' where name = '{sk}' and id = '{uid}'")
                    print("Data has been updated.")
                case "n":
                    print("Quitting the app.")
                    quitTheApp()
                case _:
                    print("unexpacted answer .sorry please try again.")

        commit_and_close()

So when I test the app in the terminal using add_skills function only it show me an error. I put in the terminal the "a" command to use the add function, then I enter a name it's not exist before in the database it's show me this error : near "skills": syntax error

Solution

  • You have typos in you SQL statement:

    cr.execute(f"select name form skills where name = {sk} and id = {uid}")
    1. form should be from.
    2. {sk} is not enclosed by single quotes (').

    The corrected line should be:

    cr.execute(f"select name from skills where name = '{sk}' and id = '{uid}'")

    While this should work I would recommend to use parameterized queries to reduce the risk of SQL injection. Furthermore it is a good practice to write SQL keywords uppercase for better readability. So I suggest:

    cr.execute("SELECT name FROM skills WHERE name = ? AND id = ?", (sk, uid))