208

I am using hand crafted SQL to fetch data from a PG database, using SqlAlchemy. I am trying a query which contains the SQL like operator '%' and that seems to throw SqlAlcjhemy through a loop:

sql = """
       SELECT DISTINCT u.name from user u
        INNER JOIN city c ON u.city_id = c.id
        WHERE c.designation=upper('fantasy') 
        AND c.id IN (select id from ref_geog where short_name LIKE '%opt')
      """

# The last line in the above statement throws the error mentioned in the title. 
# However if the last line is change to:
# AND c.id IN (select id from ref_geog where short_name = 'helloopt')
# the script runs correctly.
#
# I also tried double escaping the '%' i.e. using '%%' instead - that generated the same error as previously.

connectDb()
res = executeSql(sql)
print res
closeDbConnection()

Any one knows what is causing this misleading error message and how I may fix it?

[[Edit]]

Before any one asks, there is nothing special or fancy about the functions included above. For example the function executeSql() simply invokes conn.execute(sql) and returns the results. The variable conn is simply the previously established connection to the database.

Improve this question
5
  • can you post the code of executeSql(...)? And also, do you really have RETURNING * in the SELECT statement? Commented Dec 28, 2011 at 15:12
  • @van I missed that one. There is no ' RETURNING *' in the SQL that is causing the problem. I will correct the question. Commented Dec 28, 2011 at 15:17
  • 1
    is this answer [stackoverflow.com/questions/3944276/… helpful? Commented Dec 28, 2011 at 15:45
  • 2
    @van: Thanks!. yes it does. I had to use '\%%' instead of '%'. The statement is correctly executed now. Commented Dec 28, 2011 at 15:53
  • 3
    great. please post a short answer (and accept it) which worked for you for the sake of completeness. Commented Dec 28, 2011 at 16:38

8 Answers 8

Reset to default
368

You have to give %% to use it as % because % in python is use as string formatting so when you write single % its assume that you are going to replace some value with this.

So when you want to place single % in string with query allways place double %.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I wish they would of updated that error message, every time I get it I end up landing on this page and answer
150

SQLAlchemy has a text() function for wrapping text which appears to correctly escape the SQL for you.

I.e.

res = executeSql(sqlalchemy.text(sql))

should work for you and save you from having to do the manual escaping.

Improve this answer

3 Comments

This should be the selected answer. It solved the issue in my case.
Note that this does not escape comments, but otherwise is a fantastic solution.
That worked for me, and was easier to implement than changing all our queries with double %
13

I cannot find the "executeSql" in sqlalchemy version 1.2 docs , but the below line worked for me 

engine.execute(sqlalchemy.text(sql_query))
Improve this answer

Comments

5

I found one more case when this error shows up:

c.execute("SELECT * FROM t WHERE a = %s")

In other words, if you provide parameter (%s) in query, but you forget to add query params. In this case error message is very misleading.

Improve this answer

Comments

3

It seems like your problem may be related to this bug.

In which case, you should triple-escape as a workaround.

Improve this answer

Comments

3

One more note- you must escape (or delete) % characters in comments as well. Unfortunately, sqlalchemy.text(query_string) does not escape the percent signs in the comments.

Improve this answer

Comments

2

Another way of solving your problem, if you don't want to escape % characters or use sqlalchemy.text(), is to use a regular expression.

Instead of:

select id from ref_geog where short_name LIKE '%opt'

Try (for case-sensitive match):

select id from ref_geog where short_name ~ 'opt$'

or (for case-insensitive):

select id from ref_geog where short_name ~* 'opt$'

Both LIKE and regex are covered in the documentation on pattern matching.

Note that:

Unlike LIKE patterns, a regular expression is allowed to match anywhere within a string, unless the regular expression is explicitly anchored to the beginning or end of the string.

For an anchor, you can use the assertion $ for end of string (or ^ for beginning).

Improve this answer

Comments

0

This could also result from the case - in case parameters to be passed onto the SQL are declared in DICT formate and are being manipulated in the SQL in the form of LIST or TUPPLE.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.