MySQL Connector/Python Developer Guide  /  Connector/Python Connection Establishment  /  Connector/Python Connection Arguments

7.1 Connector/Python Connection Arguments

A connection with the MySQL server can be established using either the mysql.connector.connect() function or the mysql.connector.MySQLConnection() class:

cnx = mysql.connector.connect(user='joe', database='test')
cnx = MySQLConnection(user='joe', database='test')

The following table describes the arguments that can be used to initiate a connection. An asterisk (*) following an argument indicates a synonymous argument name, available only for compatibility with other Python MySQL drivers. Oracle recommends not to use these alternative names.

Table 7.1 Connection Arguments for Connector/Python

Argument Name Default Description
user (username*) The user name used to authenticate with the MySQL server.
password (passwd*) The password to authenticate the user with the MySQL server.
password1, password2, and password3 For Multi-Factor Authentication (MFA); password1 is an alias for password. Added in 8.0.28.
database (db*) The database name to use when connecting with the MySQL server.
host 127.0.0.1 The host name or IP address of the MySQL server.
unix_socket The location of the Unix socket file.
port 3306 The TCP/IP port of the MySQL server. Must be an integer.
conn_attrs

Standard performance_schema.session_connect_attrs values are sent; use conn_attrs to optionally set additional custom connection attributes as defined by a dictionary such as config['conn_attrs'] = {"foo": "bar"}.

The c-ext and pure python implementations differ. The c-ext implementation depends on the mysqlclient library so its standard conn_attrs values originate from it. For example, '_client_name' is 'libmysql' with c-ext but 'mysql-connector-python' with pure python. C-ext adds these additional attributes: '_connector_version', '_connector_license', '_connector_name', and '_source_host'.

This option was added in 8.0.17, as was the default session_connect_attrs behavior.

init_command Command (SQL query) executed immediately after the connection is established as part of the initialization process. Added in 8.0.32.
auth_plugin Authentication plugin to use. Added in 1.2.1.
fido_callback

Deprecated as of 8.2.0 and removed in 8.4.0; instead use webauthn_callback.

A callable defined by the optional fido_callback option is executed when it's ready for user interaction with the hardware FIDO device. This option can be a callable object or a string path that the connector can import in runtime and execute. It does not block and is only used to notify the user of the need for interaction with the hardware FIDO device.

This functionality was only available in the C extension. A NotSupportedError was raised when using the pure Python implementation.

webauthn_callback

A callable defined by the optional webauthn_callback option is executed when it's ready for user interaction with the hardware WebAuthn device. This option can be a callable object or a string path that the connector can import in runtime and execute. It does not block and is only used to notify the user of the need for interaction with the hardware FIDO device. Enable the authentication_webauthn_client auth_plugin in the connection configuration to use.

This option was added in 8.2.0, and it deprecated the fido_callback option that was removed in version 8.4.0.

openid_token_file Path to the file containing the OpenID JWT formatted identity token. Added in 9.1.0.
use_unicode True Whether to use Unicode.
charset utf8mb4 Which MySQL character set to use.
collation utf8mb4_general_ai_ci (is utf8_general_ci in 2.x Which MySQL collation to use. The 8.x default values are generated from the latest MySQL Server 8.0 defaults.
autocommit False Whether to autocommit transactions.
time_zone Set the time_zone session variable at connection time.
sql_mode Set the sql_mode session variable at connection time.
get_warnings False Whether to fetch warnings.
raise_on_warnings False Whether to raise an exception on warnings.
connection_timeout (connect_timeout*) Timeout for the TCP and Unix socket connections.
read_timeout None Time limit to receive a response from the server before raising a ReadTimeoutError level error. The default value (None) sets the wait time to indefinitely. Option added in 9.2.0.
write_timeout None Time limit to send data to the server before raising a WriteTimeoutError level error. The default value (None) sets the wait time to indefinitely. Option added in 9.2.0.
client_flags MySQL client flags.
buffered False Whether cursor objects fetch the results immediately after executing queries.
raw False Whether MySQL results are returned as is, rather than converted to Python types.
consume_results False Whether to automatically read result sets.
tls_versions ["TLSv1.2", "TLSv1.3"] TLS versions to support; allowed versions are TLSv1.2 and TLSv1.3. Versions TLSv1 and TLSv1.1 were removed in Connector/Python 8.0.28.
ssl_ca File containing the SSL certificate authority.
ssl_cert File containing the SSL certificate file.
ssl_disabled False True disables SSL/TLS usage. The TLSv1 and TLSv1.1 connection protocols are deprecated as of Connector/Python 8.0.26 and removed as of Connector/Python 8.0.28.
ssl_key File containing the SSL key.
ssl_verify_cert False When set to True, checks the server certificate against the certificate file specified by the ssl_ca option. Any mismatch causes a ValueError exception.
ssl_verify_identity False When set to True, additionally perform host name identity verification by checking the host name that the client uses for connecting to the server against the identity in the certificate that the server sends to the client. Option added in Connector/Python 8.0.14.
force_ipv6 False When set to True, uses IPv6 when an address resolves to both IPv4 and IPv6. By default, IPv4 is used in such cases.
kerberos_auth_mode SSPI Windows-only, for choosing between SSPI and GSSAPI at runtime for the authentication_kerberos_client authentication plugin on Windows. Option added in Connector/Python 8.0.32.
oci_config_file ""

Optionally define a specific path to the authentication_oci server-side authentication configuration file. The profile name can be configured with oci_config_profile.

The default file path on Linux and macOS is ~/.oci/config, and %HOMEDRIVE%%HOMEPATH%\.oci\config on Windows.

oci_config_profile "DEFAULT"

Used to specify a profile to use from the OCI configuration file that contains the generated ephemeral key pair and security token. The OCI configuration file location can be defined by oci_config_file. Option oci_config_profile was added in Connector/Python 8.0.33.

dsn Not supported (raises NotSupportedError when used).
pool_name Connection pool name. The pool name is restricted to alphanumeric characters and the special characters ., _, *, $, and #. The pool name must be no more than pooling.CNX_POOL_MAXNAMESIZE characters long (default 64).
pool_size 5 Connection pool size. The pool size must be greater than 0 and less than or equal to pooling.CNX_POOL_MAXSIZE (default 32).
pool_reset_session True Whether to reset session variables when connection is returned to pool.
compress False Whether to use compressed client/server protocol.
converter_class Converter class to use.
converter_str_fallback False Enable the conversion to str of value types not supported by the Connector/Python converter class or by a custom converter class.
failover Server failover sequence.
option_files Which option files to read. Added in 2.0.0.
option_groups ['client', 'connector_python'] Which groups to read from option files. Added in 2.0.0.
allow_local_infile True Whether to enable LOAD DATA LOCAL INFILE. Added in 2.0.0.
use_pure False as of 8.0.11, and True in earlier versions. If only one implementation (C or Python) is available, then then the default value is set to enable the available implementation. Whether to use pure Python or C Extension. If use_pure=False and the C Extension is not available, then Connector/Python will automatically fall back to the pure Python implementation. Can be set with mysql.connector.connect() but not MySQLConnection.connect(). Added in 2.1.1.
krb_service_principal The "@realm" defaults to the default realm, as configured in the krb5.conf file. Must be a string in the form "primary/instance@realm" such as "ldap/ldapauth@MYSQL.COM" where "@realm" is optional. Added in 8.0.23.

MySQL Authentication Options

Authentication with MySQL typically uses a username and password.

When the database argument is given, the current database is set to the given value. To change the current database later, execute a USE SQL statement or set the database property of the MySQLConnection instance.

By default, Connector/Python tries to connect to a MySQL server running on the local host using TCP/IP. The host argument defaults to IP address 127.0.0.1 and port to 3306. Unix sockets are supported by setting unix_socket. Named pipes on the Windows platform are not supported.

Connector/Python supports authentication plugins available as of MySQL 8.0, including the preferred caching_sha2_password authentication plugin.

The deprecated mysql_native_password plugin is supported, but it is disabled by default as of MySQL Server 8.4.0 and removed as of MySQL Server 9.0.0.

The connect() method supports an auth_plugin argument that can be used to force use of a particular authentication plugin.

Note

MySQL Connector/Python does not support the old, less-secure password protocols of MySQL versions prior to 4.1.

Connector/Python supports the Kerberos authentication protocol for passwordless authentication. Linux clients are supported as of Connector/Python 8.0.26, and Windows support was added in Connector/Python 8.0.27 with the C extension implementation, and in Connector/Python 8.0.29 with the pure Python implementation. For Windows, the related kerberos_auth_mode connection option was added in 8.0.32 to configure the mode as either SSPI (default) or GSSAPI (via the pure Python implementation, or the C extension implementation as of 8.4.0). While Windows supports both modes, Linux only supports GSSAPI.

Optionally use the [gssapi] shortcut when installing the mysql-connector-python pip package to pull in specific GSSAPI versions as defined by the connector, which is v1.8.3 as of Connector/Python 9.1.0:

$ pip install mysql-connector-python[gssapi]

The following example assumes LDAP Pluggable Authentication is set up to utilize GSSAPI/Kerberos SASL authentication:

import mysql.connector as cpy
import logging

logging.basicConfig(level=logging.DEBUG)

SERVICE_NAME = "ldap"
LDAP_SERVER_IP = "server_ip or hostname"  # e.g., winexample01

config = {
    "host": "127.0.0.1",
    "port": 3306,
    "user": "myuser@example.com",
    "password": "s3cret",
    "use_pure": True,
    "krb_service_principal": f"{SERVICE_NAME}/{LDAP_SERVER_IP}"
}

with cpy.connect(**config) as cnx:
    with cnx.cursor() as cur:
        cur.execute("SELECT @@version")
        res = cur.fetchone()
        print(res[0])

Connector/Python supports Multi-Factor Authentication (MFA) as of v8.0.28 by utilizing the password1 (alias of password), password2, and password3 connection options.

Connector/Python supports WebAuthn Pluggable Authentication as of Connector/Python 8.2.0, which is supported in MySQL Enterprise Edition. Optionally use the Connector/Python webauthn_callback connection option to notify users that they need to touch the hardware device. This functionality is present in the C implementation (which uses libmysqlclient) but the pure Python implementation requires the FIDO2 dependency that is not provided with the MySQL connector and is assumed to already be present in your environment. It can be independently installed using:

$> pip install fido2

Previously, the now removed (as of version 8.4.0) authentication_fido MySQL Server plugin was supported using the fido_callback option that was available in the C extension implementation.

Connector/Python supports OpenID Connect as of Connector/Python 9.1.0. Functionality is enabled with the authentication_openid_connect_client client-side authentication plugin connecting to MySQL Enterprise Edition with the authentication_openid_connect authentication plugin. These examples enable the plugin with auth_plugin and defines the JWT Identity Token file location with openid_token_file:

# Standard connection
import mysql.connector as cpy
config = {
    "host": "localhost",
    "port": 3306,
    "user": "root",
    "openid_token_file": "{path-to-id-token-file}",
    "auth_plugin": "authentication_openid_connect_client",
    "use_pure": True, # Use False for C-Extension
}
with cpy.connect(**config) as cnx:
    with cnx.cursor() as cur:
        cur.execute("SELECT @@version")
        print(cur.fetchall())

# Or, using an async connection
import mysql.connector.aio as cpy_async
import asyncio
config = {
    "host": "localhost",
    "port": 3306,
    "user": "root",
    "auth_plugin": "authentication_openid_connect_client",
    "openid_token_file": "{path-to-id-token-file}",
}
async def test():
    async with await cpy_async.connect(**config) as cnx:
        async with await cnx.cursor() as cur:
            await cur.execute("SELECT @@version")
            print(await cur.fetchall())
asyncio.run(test())

Character Encoding

By default, strings coming from MySQL are returned as Python Unicode literals. To change this behavior, set use_unicode to False. You can change the character setting for the client connection through the charset argument. To change the character set after connecting to MySQL, set the charset property of the MySQLConnection instance. This technique is preferred over using the SET NAMES SQL statement directly. Similar to the charset property, you can set the collation for the current MySQL session.

Transactions

The autocommit value defaults to False, so transactions are not automatically committed. Call the commit() method of the MySQLConnection instance within your application after doing a set of related insert, update, and delete operations. For data consistency and high throughput for write operations, it is best to leave the autocommit configuration option turned off when using InnoDB or other transactional tables.

Time Zones

The time zone can be set per connection using the time_zone argument. This is useful, for example, if the MySQL server is set to UTC and TIMESTAMP values should be returned by MySQL converted to the PST time zone.

SQL Modes

MySQL supports so-called SQL Modes. which change the behavior of the server globally or per connection. For example, to have warnings raised as errors, set sql_mode to TRADITIONAL. For more information, see Server SQL Modes.

Troubleshooting and Error Handling

Warnings generated by queries are fetched automatically when get_warnings is set to True. You can also immediately raise an exception by setting raise_on_warnings to True. Consider using the MySQL sql_mode setting for turning warnings into errors.

To set a timeout value for connections, use connection_timeout.

Enabling and Disabling Features Using Client Flags

MySQL uses client flags to enable or disable features. Using the client_flags argument, you have control of what is set. To find out what flags are available, use the following:

from mysql.connector.constants import ClientFlag
print '\n'.join(ClientFlag.get_full_info())

If client_flags is not specified (that is, it is zero), defaults are used for MySQL 4.1 and higher. If you specify an integer greater than 0, make sure all flags are set properly. A better way to set and unset flags individually is to use a list. For example, to set FOUND_ROWS, but disable the default LONG_FLAG:

flags = [ClientFlag.FOUND_ROWS, -ClientFlag.LONG_FLAG]
mysql.connector.connect(client_flags=flags)

Result Set Handling

By default, MySQL Connector/Python does not buffer or prefetch results. This means that after a query is executed, your program is responsible for fetching the data. This avoids excessive memory use when queries return large result sets. If you know that the result set is small enough to handle all at once, you can fetch the results immediately by setting buffered to True. It is also possible to set this per cursor (see Section 10.2.6, “MySQLConnection.cursor() Method”).

Results generated by queries normally are not read until the client program fetches them. To automatically consume and discard result sets, set the consume_results option to True. The result is that all results are read, which for large result sets can be slow. (In this case, it might be preferable to close and reopen the connection.)

Type Conversions

By default, MySQL types in result sets are converted automatically to Python types. For example, a DATETIME column value becomes a datetime.datetime object. To disable conversion, set the raw option to True. You might do this to get better performance or perform different types of conversion yourself.

Connecting through SSL

Using SSL connections is possible when your Python installation supports SSL, that is, when it is compiled against the OpenSSL libraries. When you provide the ssl_ca, ssl_key and ssl_cert options, the connection switches to SSL, and the client_flags option includes the ClientFlag.SSL value automatically. You can use this in combination with the compressed option set to True.

As of Connector/Python 2.2.2, if the MySQL server supports SSL connections, Connector/Python attempts to establish a secure (encrypted) connection by default, falling back to an unencrypted connection otherwise.

From Connector/Python 1.2.1 through Connector/Python 2.2.1, it is possible to establish an SSL connection using only the ssl_ca opion. The ssl_key and ssl_cert arguments are optional. However, when either is given, both must be given or an AttributeError is raised.

# Note (Example is valid for Python v2 and v3)
from __future__ import print_function

import sys

#sys.path.insert(0, 'python{0}/'.format(sys.version_info[0]))

import mysql.connector
from mysql.connector.constants import ClientFlag

config = {
    'user': 'ssluser',
    'password': 'password',
    'host': '127.0.0.1',
    'client_flags': [ClientFlag.SSL],
    'ssl_ca': '/opt/mysql/ssl/ca.pem',
    'ssl_cert': '/opt/mysql/ssl/client-cert.pem',
    'ssl_key': '/opt/mysql/ssl/client-key.pem',
}

cnx = mysql.connector.connect(**config)
cur = cnx.cursor(buffered=True)
cur.execute("SHOW STATUS LIKE 'Ssl_cipher'")
print(cur.fetchone())
cur.close()
cnx.close()

Connection Pooling

With either the pool_name or pool_size argument present, Connector/Python creates the new pool. If the pool_name argument is not given, the connect() call automatically generates the name, composed from whichever of the host, port, user, and database connection arguments are given, in that order. If the pool_size argument is not given, the default size is 5 connections.

The pool_reset_session permits control over whether session variables are reset when the connection is returned to the pool. The default is to reset them.

For additional information about connection pooling, see Section 9.4, “Connector/Python Connection Pooling”.

Protocol Compression

The boolean compress argument indicates whether to use the compressed client/server protocol (default False). This provides an easier alternative to setting the ClientFlag.COMPRESS flag. This argument is available as of Connector/Python 1.1.2.

Converter Class

The converter_class argument takes a class and sets it when configuring the connection. An AttributeError is raised if the custom converter class is not a subclass of conversion.MySQLConverterBase.

Server Failover

The connect() method accepts a failover argument that provides information to use for server failover in the event of connection failures. The argument value is a tuple or list of dictionaries (tuple is preferred because it is nonmutable). Each dictionary contains connection arguments for a given server in the failover sequence. Permitted dictionary values are: user, password, host, port, unix_socket, database, pool_name, pool_size. This failover option was added in Connector/Python 1.2.1.

Option File Support

As of Connector/Python 2.0.0, option files are supported using two options for connect():

  • option_files: Which option files to read. The value can be a file path name (a string) or a sequence of path name strings. By default, Connector/Python reads no option files, so this argument must be given explicitly to cause option files to be read. Files are read in the order specified.

  • option_groups: Which groups to read from option files, if option files are read. The value can be an option group name (a string) or a sequence of group name strings. If this argument is not given, the default value is ['client', 'connector_python'] to read the [client] and [connector_python] groups.

For more information, see Section 7.2, “Connector/Python Option-File Support”.

LOAD DATA LOCAL INFILE

Prior to Connector/Python 2.0.0, to enable use of LOAD DATA LOCAL INFILE, clients had to explicitly set the ClientFlag.LOCAL_FILES flag. As of 2.0.0, this flag is enabled by default. To disable it, the allow_local_infile connection option can be set to False at connect time (the default is True).

Compatibility with Other Connection Interfaces

passwd, db and connect_timeout are valid for compatibility with other MySQL interfaces and are respectively the same as password, database and connection_timeout. The latter take precedence. Data source name syntax or dsn is not used; if specified, it raises a NotSupportedError exception.

Client/Server Protocol Implementation

Connector/Python can use a pure Python interface to MySQL, or a C Extension that uses the MySQL C client library. The use_pure mysql.connector.connect() connection argument determines which. The default changed in Connector/Python 8 from True (use the pure Python implementation) to False. Setting use_pure changes the implementation used.

The use_pure argument is available as of Connector/Python 2.1.1. For more information about the C extension, see Chapter 8, The Connector/Python C Extension.