Apr-05-2020, 02:21 PM
(Nov-18-2019, 07:50 PM)keuninkske Wrote:
def opvragenminimumstock(partnum):
    minimumstock = cursor1.execute("select columna from TABLEA where columnb = '"+ partnum +"'")
    print(minimumstock)
    pass
You should never be building queries by concatenating strings (the term to look up is "SQL injection"). Instead, you should be using the right placeholder character (which is apparently ?, according to the documentation). In addition, that pass statement is unnecessary.
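The difference between the two query styles, as an added example that is not part of the original posts. It assumes Python's built-in sqlite3 (which also uses the ? placeholder) as a stand-in for the poster's driver, which the thread does not show; the function names and sample rows are constructed for illustration, while the table and column names follow the quoted code.

```python
import sqlite3


def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TABLEA (columna INTEGER, columnb TEXT)")
    conn.executemany(
        "INSERT INTO TABLEA (columna, columnb) VALUES (?, ?)",
        [(10, "P-100"), (25, "P-200"), (5, "P-300"), (3, "O'RING-7")],
    )
    return conn


def minimum_stock_concat(conn, partnum):
    """Query built by string concatenation, as in the quoted post (for comparison)."""
    sql = "select columna from TABLEA where columnb = '" + partnum + "'"
    return [row[0] for row in conn.execute(sql)]


def minimum_stock_param(conn, partnum):
    """Same query with a ? placeholder: partnum is bound as data, never parsed as SQL."""
    sql = "select columna from TABLEA where columnb = ?"
    return [row[0] for row in conn.execute(sql, (partnum,))]


if __name__ == "__main__":
    conn = make_db()

    # Ordinary input: both versions agree.
    print(minimum_stock_concat(conn, "P-200"), minimum_stock_param(conn, "P-200"))

    # A legitimate part number containing an apostrophe breaks the concatenated query.
    try:
        minimum_stock_concat(conn, "O'RING-7")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print(minimum_stock_param(conn, "O'RING-7"))

    # Constructed input whose quote characters rewrite the WHERE clause.
    crafted = "x' OR '1'='1"
    print(minimum_stock_concat(conn, crafted))  # every row comes back
    print(minimum_stock_param(conn, crafted))   # no part has this name: empty list
```

With a driver that uses a different paramstyle (for example %s), only the placeholder character in the SQL string changes; the value is still passed as a separate argument to execute().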