Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

1064 (42000): You have an error in your SQL syntax;

byMR
November 5, 2021

I am using MYSQL for storing username and their corresponding salted and hashed password it is giving me continuously this error.

1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$2b$12$0NwXT7hoHPBK.ywn/r5f3OWQKrF9o1/wUJt7u1eFtn3Se2XCmiXdm'')' at line 1

My Table Name is hassle_free_register and it table structure is as follows as :

+----------+--------------+------+-----+---------+----------------+
| Field    | Type         | Null | Key | Default | Extra          |
+----------+--------------+------+-----+---------+----------------+
| USER_ID  | int          | NO   | PRI | NULL    | auto_increment |
| USERNAME | varchar(255) | NO   | UNI | NULL    |                |
| PASSWORD | varchar(255) | NO   |     | NULL    |                |
+----------+--------------+------+-----+---------+----------------+

Code For Storing the password :

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel 

@app.route('/register' ,methods =['POST'])
def register():
   try:
      NAME = request.form['USER_NAME']
      PASSWORD = request.form['USER_PASSWORD']
      if(len(NAME)==0):
         raise ValueError("USERNAME CANNOT BE EMPTY")
      if(len(PASSWORD)<=8):
         raise ValueError("PASSWORD LENGTH TOO SHORT")
      if(len(PASSWORD)>=30):
         raise ValueError("PASSWORD LENGTH TOO LONG") 
      HASHEDPASS = bcrypt.hashpw(PASSWORD.encode('utf-8'),bcrypt.gensalt())    
      mycursor.execute("insert into Hassle_Free_Register(USERNAME,PASSWORD) values('{USER_NAME}','{USER_PASSWORD}');".format(USER_NAME = NAME,USER_PASSWORD = str(HASHEDPASS)))
      mydb.commit()
      return jsonify("REGISTERED SUCCESSFULLY") 
   except ValueError as error:
      return jsonify({"message":str(error)}),403
   except mysql.connector.Error as error:
      print(error)
      # return error
      return jsonify({"message":str(error)}), 404

Please help ! I am using Flask Framework.

>Solution :

Do you see the problem? Your hashed password contains single quote marks. That screws up your quoting. So, let the database connector do it:

mycursor.execute("INSERT INTO HassleFree_Register(USERNAME,PASSWORD) VALUES(?,?);", (NAME, HASHEDPASS))

Depending on the database, you might need %s instead of ?.

As a stylistic note, it’s not considered good form to use ALL CAPS for variable names. That’s fine for global constants, but variables should be username or user_name.

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading