I need to replicate the below function in Python. I included the working PHP code and need help on the Python side as I’m now totally lost.
A RFID card is read and tag transferred to Python over serial. This portion of the code works. WHat I am having trouble with is inserting this string of information as the string of information to be looked up in mySQL
<?php
require 'database.php';
$UIDresult=$_POST["UIDresult"];
$Write="<?php $" . "UIDresult='" . $UIDresult . "'; " . "echo $" . "UIDresult;" . "?>";
file_put_contents('UIDContainer.php',$Write);
$pdo = Database::connect();
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM table_mkaccess where id = ?";
$q = $pdo->prepare($sql);
$q->execute(array($UIDresult));
$data = $q->fetch(PDO::FETCH_ASSOC);
Database::disconnect();
$msg = null;
if (null==$data['name']) {
$msg = "0";
$data['id']=$UIDresult;
} else {
$msg = "1";
}
echo $msg;
?>
Python Code I have tried so far, what am I missing.
import serial
import mysql.connector
rfid = serial.Serial(port = "/dev/ttyUSB0", baudrate=9600)
while True:
if (rfid.in_waiting > 0):
UID = rfid.readline()
UID = UID.decode('Ascii')
mydb = mysql.connector.connect(
host = "localhost",
user = "****",
password = "****",
database = "****")
mycursor = mydb.cursor(buffered=True)
sql = "SELECT * FROM table_mkaccess WHERE id = '%s'"
mycursor.execute(sql,(UIDresult,))
data = mycursor.fetchall()
if data ==0:
print('0')
else:
print('1')
UPDATE:
Now receiving the following error
Traceback (most recent call last): File "/home/base/testing3.py",
line 17, in
mycursor.execute(sql,(UIDresult,))
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ’47D0D393rn”’
at line 1
2
Answers
You have to add the UID to the query polacholder
A few changes:
UID = UID.rstrip()
to get rid of the trailing white space (carriage return and newline characters, unless you actually want those characters stored in the database)sql = "SELECT * FROM table_mkaccess WHERE id = %s"
(For prepared statements, you do not want quotes around the%s
placeholder. If the supplied actual value is a string, the SQL driver will do "the right thing" with the value.)mycursor.execute(sql, (UID,))
(Use the correct variable)