Python Forum
Problem Using SQL Placeholder In MySQL Query
#11
(Jul-29-2021, 05:31 AM)ndc85430 Wrote:
(Jul-29-2021, 05:07 AM)Pedroski55 Wrote:
cur = conn.cursor()
    
# Select query 
cur.execute(f"SELECT studentnr, score FROM allstudentsAnswers{clas} WHERE weeknr = '{weeknr}'") 
...

cur = conn.cursor()
    
# Select query 
cur.execute(f"SELECT * FROM tbl_colours WHERE pc_name = '{mycmb}'") 
output = cur.fetchall() 

Please don't advise people to use string interpolation (or concatenation) in SQL queries as that is vulnerable to SQL injection. Parameterised queries are the correct way to do it, as they give the database a chance to validate the input.


Hi Pedroski55

I will try your solution but this is the one I found and it works a treat:

mysql = "SELECT * FROM tbl_colours WHERE pc_name = %(pc_name)s"

mycursor.execute(mysql, {'pc_name': mycmb})

Cheers
Messages In This Thread
RE: Problem Using SQL Placeholder In MySQL Query - by AdeS - Jul-30-2021, 05:00 PM
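The two approaches from this thread side by side, as an added example that is not code from any of the posters: the f-string query lets input rewrite the SQL, the named placeholder binds it as a value, and the table-name suffix in the first quoted query (which a placeholder cannot bind) is checked against an allow-list. Assumptions: sqlite3 stands in for MySQL so it runs offline (it writes the placeholder as `:pc_name` where MySQL drivers use `%(pc_name)s`), and the sample rows, function names and `ALLOWED_CLASSES` values are constructed.

```python
import sqlite3

ALLOWED_CLASSES = {"20BE1", "20BE2"}  # hypothetical class suffixes


def make_db():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_colours (pc_name TEXT, colour TEXT)")
    conn.executemany("INSERT INTO tbl_colours VALUES (?, ?)",
                     [("PC-01", "red"), ("PC-02", "blue")])
    conn.execute("CREATE TABLE allstudentsAnswers20BE1 "
                 "(studentnr INTEGER, score INTEGER, weeknr TEXT)")
    conn.executemany("INSERT INTO allstudentsAnswers20BE1 VALUES (?, ?, ?)",
                     [(1, 80, "week1"), (2, 65, "week1"), (1, 90, "week2")])
    return conn


def lookup_interpolated(conn, mycmb):
    # Pattern from the quoted post: the input becomes part of the SQL text.
    sql = f"SELECT * FROM tbl_colours WHERE pc_name = '{mycmb}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, mycmb):
    # The input is sent separately from the SQL and only ever compared as a value.
    sql = "SELECT * FROM tbl_colours WHERE pc_name = :pc_name"
    return conn.execute(sql, {"pc_name": mycmb}).fetchall()


def scores_for_week(conn, clas, weeknr):
    # Placeholders bind values, not identifiers, so the table-name suffix
    # is accepted only if it is on the allow-list; weeknr is still bound.
    if clas not in ALLOWED_CLASSES:
        raise ValueError(f"unknown class: {clas!r}")
    sql = (f"SELECT studentnr, score FROM allstudentsAnswers{clas} "
           "WHERE weeknr = :weeknr")
    return conn.execute(sql, {"weeknr": weeknr}).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("interpolated :", lookup_interpolated(conn, crafted))
    print("parameterised:", lookup_parameterised(conn, crafted))
    print("week1 scores :", scores_for_week(conn, "20BE1", "week1"))
```

With the constructed input, the interpolated query returns every row in `tbl_colours`, while the parameterised one returns none because no `pc_name` equals that literal string.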
