(Aug-25-2020, 01:16 PM)buran Wrote: your line 8
```python
query = ("SELECT f.family_name, f.family_description, f.family_address, f.family_phone FROM Family f WHERE f.family_name like "%+user_input+"% or f.family_address like "%"+user_input+"%" ORDER BY family_name")
```
should raise an error
Check the quotes. Also note that what you do is prone to cause you problems. You should use a parametrized query, not concatenate user input. This will open your code to SQL injections.
Error:
```
>>> user_input = 'SPAM'
>>> query = ("SELECT f.family_name, f.family_description, f.family_address, f.family_phone FROM Family f WHERE f.family_name like "%+user_input+"% or f.family_address like "%"+user_input+"%" ORDER BY family_name")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: bad operand type for unary +: 'str'
```
and there is no need of using brackets on this line
This is what I did, but I got a new error. I tried to fix it by changing the position of "cur=db.connection.cursor()", but nothing changed.
```
MySQLdb._exceptions.ProgrammingError
MySQLdb._exceptions.ProgrammingError: execute() first
```
```python
@app.route('/search', methods=['GET', 'POST'])
def search():
    cur = db.connection.cursor()
    if request.method == "POST":
        user_input = request.form["user_input"]
        cur.execute = ("SELECT f.family_name, f.family_description, f.family_address, f.family_phone FROM Shop f WHERE f.family_address LIKE %s ORDER BY family_name", ( "%" + user_input + "%",))
        results = cur.fetchall()
        return render_template('search_results.html', user_input=user_input, results=results)
    else:
        return redirect(url_for('home'))
```
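Added example, not part of the original post or of either poster's code: the concatenated `LIKE` search next to a parametrized one, where `execute` is called as a method with `(sql, params)`. Assumptions: the standard-library `sqlite3` stands in for MySQLdb so the block runs offline (its placeholder is `?` where MySQLdb uses `%s`), the table rows are constructed, and the function names are hypothetical.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape LIKE wildcards so the user's text is matched literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Family (family_name TEXT, family_description TEXT,"
               " family_address TEXT, family_phone TEXT)")
    db.executemany("INSERT INTO Family VALUES (?, ?, ?, ?)", [
        ("Adams", "bakery", "1 Main St", "555-0100"),
        ("Baker", "florist", "2 Oak Ave", "555-0101"),
        ("Clark", "hardware", "3 Main_St", "555-0102"),
    ])
    return db

def search_concat(db, user_input):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("SELECT family_name FROM Family WHERE family_name LIKE '%"
           + user_input + "%' OR family_address LIKE '%" + user_input
           + "%' ORDER BY family_name")
    return [row[0] for row in db.execute(sql)]

def search_param(db, user_input):
    """Hardened form: the SQL text is constant, input travels as a parameter."""
    pattern = "%" + escape_like(user_input) + "%"
    sql = ("SELECT family_name FROM Family"
           " WHERE family_name LIKE ? ESCAPE '\\'"
           " OR family_address LIKE ? ESCAPE '\\'"
           " ORDER BY family_name")
    cur = db.cursor()
    cur.execute(sql, (pattern, pattern))  # call execute(sql, params)
    return [row[0] for row in cur.fetchall()]

if __name__ == "__main__":
    db = make_db()
    for text in ("Main", "' OR '1'='1", "_"):
        print(repr(text), "concat:", search_concat(db, text),
              "param:", search_param(db, text))
```

With the quote-bearing input the concatenated query returns every row, while the parametrized query treats the same text as a search string and matches nothing.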