Jul-29-2021, 05:31 AM
(Jul-29-2021, 05:07 AM)Pedroski55 Wrote:cur = conn.cursor() # Select query cur.execute(f"SELECT studentnr, score FROM allstudentsAnswers{clas} WHERE weeknr = '{weeknr}'")...
cur = conn.cursor() # Select query cur.execute(f"SELECT * FROM tbl_colours WHERE pc_name = '{mycmb}'") output = cur.fetchall()
Please don't advise people to use string interpolation (or concatenation) in SQL queries as that is vulnerable to SQL injection. Parameterised queries are the correct way to do it, as they give the database a chance to validate the input.