Hello,

Can someone help me out with the MySQL connection statement to insert a text file into a MySQL table (field type is long blob)?

For example:

cursor.execute("insert into mytable (file_contents) values ('"+open(filename,"r").read()+"')")

Obviously that's not very practical, can someone post a better way to do this?

+1  A: 

It is dangerous to append the content of a file directly into an SQL query, because of special characters (quotes!) or malicious SQL commands.

Try this:

with open(filename,"r") as infile:
    cursor.execute("insert into mytable (file_contents) values (%s)", (infile.read(), ))
eumiro
Exactly. Note that the data from infile is passed as the second argument -- the string interpolation is handled by cursor.execute, which also makes sure that the string parameters are correctly escaped.
jsalonen
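The difference between the two statements above, as an added example that is not part of the original question or answers. It assumes Python's built-in sqlite3 as a stand-in for the MySQL driver so it runs without a server (sqlite3 uses `?` as the placeholder where the answer's driver uses `%s`); the function names and the sample file content are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample: file content containing a quote and SQL syntax.
SAMPLE = b"a'), ('b"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table mytable (file_contents blob)")
    return conn

def insert_concatenated(conn, filename):
    # The question's pattern: the file content becomes part of the SQL text.
    with open(filename, "r") as infile:
        conn.execute("insert into mytable (file_contents) values ('"
                     + infile.read() + "')")

def insert_parameterized(conn, filename):
    # The answer's pattern: the content travels as a bound parameter.
    # Binary mode keeps the bytes unchanged for a blob column.
    with open(filename, "rb") as infile:
        conn.execute("insert into mytable (file_contents) values (?)",
                     (infile.read(),))

def stored_rows(conn):
    cur = conn.execute("select file_contents from mytable order by rowid")
    return [row[0] for row in cur]

def demo():
    tmp = tempfile.NamedTemporaryFile(delete=False)
    try:
        tmp.write(SAMPLE)
        tmp.close()
        concat_db, param_db = make_db(), make_db()
        insert_concatenated(concat_db, tmp.name)
        insert_parameterized(param_db, tmp.name)
        return stored_rows(concat_db), stored_rows(param_db)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    concatenated, parameterized = demo()
    print("concatenated :", concatenated)   # data rewrote the statement
    print("parameterized:", parameterized)  # one row, bytes intact
```

With concatenation the quote in the file ends the string literal early, so the database parses the rest of the file as SQL and stores two rows; with the bound parameter the same bytes are stored as a single value.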