SQL syntax error on table name

Question

I've just finished a segment about stopping the spam in a forums database, and now it's time to clean them up.

The goal is to use an update statement to update the database records and delete the posts marked as spam. After scratching my head and receiving vague hints and instructions from an online Instructor (this is for an online class), I've ran into an error.

This may not be the correct way to do this, and I'm looking for guidance after having no luck on google. Here is a snippet of forumdb.py:

# "Database code" for the DB Forum.

import bleach
import psycopg2
import datetime

DBNAME = "forum"

def get_posts():
  """Return all posts from the 'database', most recent first."""
  db = psycopg2.connect(database=DBNAME)
  c = db.cursor()
  UPDATE posts
    SET content = 'cheese'
    WHERE content like 'spam' ;
  c.execute("select content, time from posts order by time desc")
  return c.fetchall()
  db.close()

def add_post(content):
  """Add a post to the 'database' with the current timestamp."""
  db = psycopg2.connect(database=DBNAME)
  c = db.cursor()
  clean_cont = bleach.clean(content)
  c.execute("insert into posts values (%s)", (clean_cont,))
  db.commit()
  db.close()

And here is the error I get:

Traceback (most recent call last):
  File "forum.py", line 7, in <module>
    from forumdb import get_posts, add_post
  File "/vagrant/forum/forumdb.py", line 13
    UPDATE posts
           ^
SyntaxError: invalid syntax

In case it helps, here is forum.py:

#!/usr/bin/env python3
# 
# A buggy web service in need of a database.

from flask import Flask, request, redirect, url_for

from forumdb import get_posts, add_post

app = Flask(__name__)

# HTML template for the forum page
HTML_WRAP = '''\
<!DOCTYPE html>
<html>
  <head>
    <title>DB Forum</title>
    <style>
      h1, form { text-align: center; }
      textarea { width: 400px; height: 100px; }
      div.post { border: 1px solid #999;
                 padding: 10px 10px;
                 margin: 10px 20%%; }
      hr.postbound { width: 50%%; }
      em.date { color: #999 }
    </style>
  </head>
  <body>
    <h1>DB Forum</h1>
    <form method=post>
      <div><textarea id="content" name="content"></textarea></div>
      <div><button id="go" type="submit">Post message</button></div>
    </form>
    <!-- post content will go here -->
%s
  </body>
</html>
'''

# HTML template for an individual comment
POST = '''\
    <div class=post><em class=date>%s</em><br>%s</div>
'''


@app.route('/', methods=['GET'])
def main():
  '''Main page of the forum.'''
  posts = "".join(POST % (date, text) for text, date in get_posts())
  html = HTML_WRAP % posts
  return html


@app.route('/', methods=['POST'])
def post():
  '''New post submission.'''
  message = request.form['content']
  add_post(message)
  return redirect(url_for('main'))


if __name__ == '__main__':
  app.run(host='0.0.0.0', port=8000)

Thanks in advance for anybody who has the raw brainpower to help!

Answer 1

your query

UPDATE posts
SET content = 'cheese'
WHERE content like 'spam' ;

is out of scope. remove or put that on the c.execute() function, like below

c.execute("UPDATE posts SET content = 'cheese' WHERE content like 'spam';");

that's why you are getting this error, hope it helps.