Python Forum
Problem Using SQL Placeholder In MySQL Query
#11
(Jul-29-2021, 05:31 AM)ndc85430 Wrote:
(Jul-29-2021, 05:07 AM)Pedroski55 Wrote:
cur = conn.cursor()
    
# Select query 
cur.execute(f"SELECT studentnr, score FROM allstudentsAnswers{clas} WHERE weeknr = '{weeknr}'") 
...

cur = conn.cursor()
    
# Select query 
cur.execute(f"SELECT * FROM tbl_colours WHERE pc_name = '{mycmb}'") 
output = cur.fetchall() 

Please don't advise people to use string interpolation (or concatenation) in SQL queries as that is vulnerable to SQL injection. Parameterised queries are the correct way to do it, as they give the database a chance to validate the input.


Hi Pedroski55

I will try your solution but this is the one I found and it works a treat:

mysql = "SELECT * FROM tbl_colours WHERE pc_name = %(pc_name)s"

mycursor.execute(mysql, {'pc_name': mycmb})

Cheers


Messages In This Thread
RE: Problem Using SQL Placeholder In MySQL Query - by AdeS - Jul-30-2021, 05:00 PM
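
An added example, not part of the original posts: the first query quoted in the thread, with its value bound as a parameter and its table-name suffix checked against an allow-list, since placeholders bind values and cannot stand in for identifiers. sqlite3 stands in for MySQL so the code runs offline (it writes the named placeholder as :weeknr where mysql.connector uses %(weeknr)s); the sample rows, class suffixes and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; sqlite3 is a stand-in for MySQL (assumption of this example).
# Named placeholder syntax: sqlite3 uses :weeknr, mysql.connector uses %(weeknr)s.
ALLOWED_CLASSES = {"19BE1", "19BE2"}  # hypothetical class suffixes


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE allstudentsAnswers19BE1 (studentnr TEXT, weeknr TEXT, score INTEGER)")
    conn.executemany(
        "INSERT INTO allstudentsAnswers19BE1 VALUES (?, ?, ?)",
        [("1001", "week1", 8), ("1002", "week1", 6), ("1001", "week2", 9)],
    )
    return conn


def scores_interpolated(conn, clas, weeknr):
    """The f-string form quoted in the thread: input becomes part of the SQL text."""
    cur = conn.cursor()
    cur.execute(f"SELECT studentnr, score FROM allstudentsAnswers{clas} WHERE weeknr = '{weeknr}'")
    return cur.fetchall()


def scores_parameterised(conn, clas, weeknr):
    """Value bound as a parameter; table suffix checked against an allow-list."""
    if clas not in ALLOWED_CLASSES:
        raise ValueError(f"unknown class: {clas!r}")
    cur = conn.cursor()
    # Interpolating clas is acceptable only because it matched a fixed allow-list entry.
    cur.execute(
        f"SELECT studentnr, score FROM allstudentsAnswers{clas} WHERE weeknr = :weeknr",
        {"weeknr": weeknr},
    )
    return cur.fetchall()


def demo():
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "normal": scores_parameterised(conn, "19BE1", "week1"),
        "interpolated_crafted": scores_interpolated(conn, "19BE1", crafted),
        "parameterised_crafted": scores_parameterised(conn, "19BE1", crafted),
    }


if __name__ == "__main__":
    print(demo())
```

With the bound parameter the crafted string is compared as a literal value and matches no rows, while the interpolated query returns every row in the table.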
