0
curs.execute ("INSERT INTO temperatur (datum, uhrzeit, ort, messwert) VALUES (CURRENT_DATE(), NOW(), %s, %s);" % ort, messwert)

drops out this->

    curs.execute ("INSERT INTO temperatur (datum, uhrzeit, ort, messwert) VALUES (CURRENT_DATE(), NOW(), %s, %s);" % ort, messwert)
TypeError: not enough arguments for format string

Why is this not working?

5
  • 2
    Don't use string formatting to create SQL queries; it's an unnecessary injection risk, let the engine do it for you. In this case, the problem is simply that messwert is a second parameter to execute, not a second value to be formatted into the string. Commented Feb 5, 2018 at 21:00
  • Is this pymysql? Commented Feb 5, 2018 at 21:01
  • 1
    Never perform parameter formatting in SQL yourself, it makes it very vulnerable to SQL injection. Commented Feb 5, 2018 at 21:01
  • It's MySQLdb. How does the engine do this for me? Commented Feb 5, 2018 at 21:02
  • @KaiH.: also see Python MySQL Parameterized Queries Commented Feb 5, 2018 at 21:04

2 Answers 2

3

Do not use string formatting, you are exposing yourself to SQL injection.

Pass in your arguments as a sequence in the second argument:

curs.execute(
    "INSERT INTO temperatur (datum, uhrzeit, ort, messwert) "
    "VALUES (CURRENT_DATE(), NOW(), %s, %s)",
    (ort, messwert))

Here (ort, messwert) is a tuple passed in as the second argument to curs.execute(). You don't need the ; in the SQL statement.

You got the error because you only passed one value to the % string format; the expression you used is "string value" % ort, as messwert was being passed in as the second argument to curs.execute(). You'd have to use "string value" % (ort, messwert) instead. However, you should avoid using string formatting altogether, as that leaves you vulnerable to SQL injection attacks where an attacker makes use of the lack of proper escaping applied to the values interpolated into the SQL string.

0

Everyone is right that you shouldn't use string formatting, but the quick answer for you is just that you need parentheses containing your tuple, i.e., %(ort, messwert)
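
The two points made in the answers above (the `%` precedence error, and formatting versus passing parameters), as an added example that is not part of the original posts. Assumptions: the standard-library sqlite3 module stands in for MySQLdb so the code runs offline (its placeholder is `?` where MySQLdb uses `%s`), the table is reduced to two columns, and `fake_execute` and `CRAFTED_ORT` are hypothetical names with constructed values.

```python
import sqlite3

# Assumption: sqlite3 stands in for MySQLdb; placeholder is "?" instead of "%s".
SCHEMA = "CREATE TABLE temperatur (ort TEXT, messwert REAL)"
# Constructed sample value: a location string that happens to contain SQL syntax.
CRAFTED_ORT = "Keller', 99.9) --"


def precedence_error(ort, messwert):
    """Reproduce the question's call shape: '%' is applied before the comma."""
    def fake_execute(sql, params=None):  # hypothetical stand-in for curs.execute
        return sql, params
    try:
        # Parsed as fake_execute(("..." % ort), messwert): one value, two %s.
        fake_execute("VALUES (%s, %s)" % ort, messwert)
    except TypeError as exc:
        return str(exc)
    return None


def insert_formatted(ort, messwert):
    """Risky pattern: the values become part of the SQL text itself."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.execute("INSERT INTO temperatur VALUES ('%s', %s)" % (ort, messwert))
    return con.execute("SELECT ort, messwert FROM temperatur").fetchall()


def insert_bound(ort, messwert):
    """Safe pattern: the SQL text is fixed, values go in the second argument."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.execute("INSERT INTO temperatur VALUES (?, ?)", (ort, messwert))
    return con.execute("SELECT ort, messwert FROM temperatur").fetchall()


if __name__ == "__main__":
    print(precedence_error("Keller", 21.5))     # the TypeError from the question
    print(insert_formatted(CRAFTED_ORT, 21.5))  # stored row is not what was passed
    print(insert_bound(CRAFTED_ORT, 21.5))      # stored row is exactly what was passed
```

With formatting, the quote inside the value ends the string literal early and the stored measurement is no longer the one the caller supplied; with bound parameters the same value is stored verbatim as data.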
