SQL Server pyodbc.ProgrammingError 42000 (8114) error converting data type varchar to float

ct3nt3jp  于 2023-10-15  发布在  其他
关注(0)|答案(1)|浏览(127)

The below is my code:

if data['Key']['Name'] == ".AORD" or data['Key']['Name'] == ".CBD100" or data['Key']['Name'] == ".CNT" or data['Key']['Name'] == ".CSI300" or data['Key']['Name'] == ".CSI300FS" or data['Key']['Name'] == ".DJI" or data['Key']['Name'] == ".FCHI" or data['Key']['Name'] == ".FTSE" or data['Key']['Name'] == ".GDAXI" or data['Key']['Name'] == ".HSCC" or data['Key']['Name'] == ".HSCE" or data['Key']['Name'] == ".HSCI" or data['Key']['Name'] == ".HSCIC" or data['Key']['Name'] == ".HSCIU" or data['Key']['Name'] == ".HSNC" or data['Key']['Name'] == ".HSNF" or data['Key']['Name'] == ".HSNP" or data['Key']['Name'] == ".HSTECH" or data['Key']['Name'] == ".INX" or data['Key']['Name'] == ".N255" or data['Key']['Name'] == ".SPHKGEM" or data['Key']['Name'] == ".SSE180" or data['Key']['Name'] == ".SSE380I" or data['Key']['Name'] == ".SSE50" or data['Key']['Name'] == ".SSEA" or data['Key']['Name'] == ".SSEB" or data['Key']['Name'] == ".SZSA" or data['Key']['Name'] == ".SZSB" or data['Key']['Name'] == ".SZSC" or data['Key']['Name'] == ".SZ100" or data['Key']['Name'] == ".SZI":
    print("[", datetime.datetime.now(), "]" + data['Key']['Name'] + " Turnover: " , data['Fields']['TURNOVER'], " Value: ", data['Fields']['TRDPRC_1'])
    if data['Fields']['TURNOVER'] == None:
        sqlg = "UPDATE STOCK.dbo.Curr_Indexs SET Value=CAST(\'" + str(data['Fields']['TRDPRC_1']) + "\' AS FLOAT) , Net_Change=CAST(\'" + str(data['Fields']['NETCHNG_1']) + "\' AS FLOAT) , Percent_Change=CAST(\'" + str(data['Fields']['PCTCHNG']) + "\' AS FLOAT) , DayHigh=CAST(\'" + str(data['Fields']['HIGH_1']) + "\' AS FLOAT) , DayLow=CAST(\'" + str(data['Fields']['LOW_1']) + "\' AS FLOAT) , OFF_CLOSE=CAST(\'" + str(data['Fields']['OFF_CLOSE']) + "\' AS FLOAT) , Date=\'" + str(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) + "\' ,Data_Time=\'" + str(datetime.datetime.now().strftime("%H:%M:%S")) + "\' WHERE nRic=\'" + data['Key']['Name'] + "\'"
    if data['Fields']['TURNOVER'] != None:
        sqlg = "UPDATE STOCK.dbo.Curr_Indexs SET Value=CAST(\'" + str(data['Fields']['TRDPRC_1']) + "\' AS FLOAT) , Net_Change=CAST(\'" + str(data['Fields']['NETCHNG_1']) + "\' AS FLOAT) , Percent_Change=CAST(\'" + str(data['Fields']['PCTCHNG']) + "\' AS FLOAT) , DayHigh=CAST(\'" + str(data['Fields']['HIGH_1']) + "\' AS FLOAT) , DayLow=CAST(\'" + str(data['Fields']['LOW_1']) + "\' AS FLOAT) , OFF_CLOSE=CAST(\'" + str(data['Fields']['OFF_CLOSE']) + "\' AS FLOAT) , Turnover= CAST(\'" + str(float(data['Fields']['TURNOVER'])) + "\' AS FLOAT) , Date=\'" + str(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) + "\' ,Data_Time=\'" + str(datetime.datetime.now().strftime("%H:%M:%S")) + "\' WHERE nRic=\'" + data['Key']['Name'] + "\'"
                
    cur1.execute(sqlg)
    conn1.commit()

Does anybody knows what is the problem? The type in the data base are float(except the Date and Data_Time). please help. Thank you.

I know SQL injection is bad practice but it shouldn't produce this error? The below code works in the same program for reference:

if data['Key']['Name'] == ".NQUOTA.SH" or data['Key']['Name'] == ".NQUOTA.ZK" or data['Key']['Name'] == ".SQUOTA.HS" or data['Key']['Name'] == ".SQUOTA.HZ":
    if "QUTA_REM" in data['Fields']:
        print("[", datetime.datetime.now(), "]", data['Key']['Name']  ,": QUTA_REM: ", data['Fields']['QUTA_REM'])
        sqle = "UPDATE STOCK.dbo.NorthBoundQuota SET DailyQBalance= " + str(data['Fields']['QUTA_REM']/100000) + ", Date=\'" + str(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) + "\' WHERE nRic=\'" + data['Key']['Name'] + "\'"
        cur1.execute(sqle)
        conn1.commit()

DailyQBalance is type float in the database.

I could see the raw JSON data and they're not None/Null/empty, they are numbers. And previously I used the below SQL and it produced the same error:

sqlg = "UPDATE STOCK.dbo.Curr_Indexs SET Value=\'" + str(data['Fields']['TRDPRC_1']) + "\' , Net_Change=\'" + str(data['Fields']['NETCHNG_1']) + "\' , Percent_Change=\'" + str(data['Fields']['PCTCHNG']) + "\' , DayHigh=\'" + str(data['Fields']['HIGH_1']) + "\' , DayLow=\'" + str(data['Fields']['LOW_1']) + "\' , OFF_CLOSE=\'" + str(data['Fields']['OFF_CLOSE']) + "\' , Turnover=\'" + str(float(data['Fields']['TURNOVER'])) + "\' , Date=\'" + str(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) + "\' ,Data_Time=\'" + str(datetime.datetime.now().strftime("%H:%M:%S")) + "\' WHERE nRic=\'" + data['Key']['Name'] + "\'"
sql-server

1条答案

按热度按时间
h7appiyu

h7appiyu1#

I changed the code to use parameterized queries and it works. But what I don't understand is why some SQL injection statments work while other don't (especially when the data received has the same type as the problematic SQL statement and the columns being updated are the same (float)).

赞(0)分享  回复(0)举报  2023-10-15
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com