How to insert into a table with character['] in the field (pymssql)

1k views Asked by At

I'm trying to populate my db from a csv file using python. Below is the code I use to populate my sales table:

import csv
import pymssql as psql

conn = psql.connect('localhost:8888', 'SA', 'superSecret','videogame')
cursor = conn.cursor()
cursor.execute("""
  IF OBJECT_ID('sales', 'U') IS NOT NULL
    DROP TABLE sales

  CREATE TABLE sales
  (
    Id int,
    Name varchar(250),
    Platform varchar(250),
    Year int,
    Genre varchar(250),
    Publisher varchar(250),
    NA_Sales float,
    EU_Sales float,
    JP_Sales float,
    Other_Sales float,
    Global_Sales float
  )
""")
conn.commit()

with open ('./sales.csv', 'r') as f:
    reader = csv.reader(f)
    for row in reader:
        row[1] = row[1].replace("'", "")
        row[5] = row[5].replace("'", "")
        data = tuple(row)
        query = 'insert into sales values {0}'.format(data).replace("N/A","0")
        print(query)
        cursor.execute(query)

conn.commit()
conn.close()

However, some of my data contains the character:(') (e.g. Assassin's creed)in their name column. This caused an error, as below:

insert into sales values ('129', "Assassin's Creed III", 'PS3', '2012', 'Action', 'Ubisoft', '2.64', '2.56', '0.16', '1.14', '6.5')
Traceback (most recent call last):
  File "pymssql.pyx", line 447, in pymssql.Cursor.execute (pymssql.c:7119)
  File "_mssql.pyx", line 1011, in _mssql.MSSQLConnection.execute_query (_mssql.c:11586)
  File "_mssql.pyx", line 1042, in _mssql.MSSQLConnection.execute_query (_mssql.c:11466)
  File "_mssql.pyx", line 1175, in _mssql.MSSQLConnection.format_and_run_query (_mssql.c:12746)
  File "_mssql.pyx", line 1586, in _mssql.check_cancel_and_raise (_mssql.c:16880)
  File "_mssql.pyx", line 1630, in    _mssql.maybe_raise_MSSQLDatabaseException (_mssql.c:17524)
_mssql.MSSQLDatabaseException: (207, b"Invalid column name 'Assassin's   Creed III'.DB-Lib error message 20018, severity 16:\nGeneral SQL Server    error: Check messages from the SQL Server\n")

Is there any workaround for this other than manually update the row (e.g. row[1] = row[1].replace("'","")?

Thanks!!

2

There are 2 answers

4
Gord Thompson On BEST ANSWER

You could use a proper parameterized query, like this:

row = ["Assassin's", "N/A", 9]  # test data as list (e.g., from CSV)
data = tuple("0" if x=="N/A" else x for x in row)
print(data)  # ("Assassin's", '0', 9)
placeholders = ','.join(['%s' for i in range(len(data))])
query = 'INSERT INTO sales VALUES ({0})'.format(placeholders)
print(query)  # INSERT INTO sales VALUES (%s,%s,%s)
cursor.execute(query, data)
1
Ben Stobbs On

You can replace the ' with a \', which should stop it crashing whilst preserving the apostrophe in your data:

with open ('./sales.csv', 'r') as f:
    reader = csv.reader(f)
    for row in reader:
        row[1] = row[1].replace("'", "\'")
        row[5] = row[5].replace("'", "\'")
        data = tuple(row)
        query = 'insert into sales values {0}'.format(data).replace("N/A","0")
        print(query)
        cursor.execute(query)