Python Forum
Problem Using SQL Placeholder In MySQL Query
#11
(Jul-29-2021, 05:31 AM)ndc85430 Wrote:
(Jul-29-2021, 05:07 AM)Pedroski55 Wrote:
cur = conn.cursor()

# Select query
cur.execute(f"SELECT studentnr, score FROM allstudentsAnswers{clas} WHERE weeknr = '{weeknr}'")
...

cur = conn.cursor()

# Select query
cur.execute(f"SELECT * FROM tbl_colours WHERE pc_name = '{mycmb}'")
output = cur.fetchall()

Please don't advise people to use string interpolation (or concatenation) in SQL queries as that is vulnerable to SQL injection. Parameterised queries are the correct way to do it, as they give the database a chance to validate the input.


Hi Pedroski55

I will try your solution but this is the one I found and it works a treat:

mysql = "SELECT * FROM tbl_colours WHERE pc_name = %(pc_name)s"

mycursor.execute(mysql, {'pc_name': mycmb})

Cheers
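To show the difference between the two approaches side by side, here is an added example (not code from either poster). It uses an in-memory sqlite3 database standing in for the thread's MySQL table so it runs without a server; the table contents are constructed, and sqlite3's `:pc_name` placeholder plays the role of mysql.connector's `%(pc_name)s`.

```python
import sqlite3

# Constructed sample data standing in for the thread's tbl_colours table.
# The last pc_name contains an apostrophe, the character that breaks a
# query whose quoting was written by hand.
ROWS = [("alice-pc", "red"), ("bob-pc", "blue"), ("dave's-pc", "yellow")]


def make_db():
    """In-memory sqlite3 database so the example runs without a MySQL server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_colours (pc_name TEXT, colour TEXT)")
    conn.executemany("INSERT INTO tbl_colours VALUES (?, ?)", ROWS)
    return conn


def lookup_interpolated(conn, mycmb):
    """The pattern criticised in the thread: the value is spliced into the SQL text,
    so quotes inside it change the statement the database receives."""
    sql = f"SELECT pc_name, colour FROM tbl_colours WHERE pc_name = '{mycmb}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, mycmb):
    """The fix from post #11: the SQL text is fixed and the value travels separately,
    so it is always treated as a literal string. mysql.connector spells the
    placeholder %(pc_name)s (pyformat); sqlite3 spells it :pc_name (named)."""
    sql = "SELECT pc_name, colour FROM tbl_colours WHERE pc_name = :pc_name"
    return conn.execute(sql, {"pc_name": mycmb}).fetchall()


def compare(conn, mycmb):
    """Run both lookups on the same input; report a driver error instead of raising."""
    try:
        interpolated = lookup_interpolated(conn, mycmb)
    except sqlite3.OperationalError as exc:
        interpolated = f"error: {exc}"
    return {"interpolated": interpolated,
            "parameterised": lookup_parameterised(conn, mycmb)}


if __name__ == "__main__":
    db = make_db()
    for name in ("bob-pc", "dave's-pc"):
        print(repr(name), compare(db, name))
```

For a plain name both lookups agree; for the name with an apostrophe the interpolated query is no longer valid SQL and fails, while the parameterised one finds the row.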
#12
Glad to hear that!

For me, security is not an issue, I only have homework on my webpage.

I once asked on phphelp.com if they could show me an SQL injection attack to melt down my database, but no one answered.

But I'm sure it is wise to consider security.

Check out the link I posted, here it is again.

Looks very good!