How to send parameters with f-strings in a SQLite query in Python

Time:01-21

How can I send a parameter to a query? This is my code:

import pandas as pd
import sqlite3

def query_brand(filter):
    sql_query = pd.read_sql(f'SELECT * FROM ps_lss_brands WHERE label = {filter}', 
    self.conn_brand)
    df = pd.DataFrame(sql_query, columns = ['id_brand', 'label'])
    # print(df["id_brand"][0])
    print(df)
query_brand("ACURA")

This is the error that I get:

pandas.errors.DatabaseError: Execution failed on sql 'SELECT * FROM ps_lss_brands WHERE label=ACURA': no such column: ACURA

My column is label, but in the query it is trying to look for an ACURA column.

CodePudding user response:

There is an issue in the fourth line. Please change your SQL query to include quotation marks around the {filter}.

Specifically, make your fourth line something like this:

sql_query = pd.read_sql(f"SELECT * FROM ps_lss_brands WHERE label = '{filter}'", 
 self.conn_brand)

However, you should try to avoid this altogether, and instead use parameterized queries. This will prevent SQL injection.
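
The parameterized form the answer recommends, shown next to the quoted f-string form (an added example, not part of the original answer). It uses only the standard-library sqlite3 module; the in-memory table, its rows, the function names and the test inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory stand-in for ps_lss_brands (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ps_lss_brands (id_brand INTEGER PRIMARY KEY, label TEXT)")
    conn.executemany(
        "INSERT INTO ps_lss_brands (label) VALUES (?)",
        [("ACURA",), ("AUDI",), ("BMW",)],
    )
    return conn

def query_brand_fstring(conn, label):
    # Quoted f-string form: the value becomes part of the SQL text itself.
    return conn.execute(
        f"SELECT id_brand, label FROM ps_lss_brands WHERE label = '{label}'"
    ).fetchall()

def query_brand_param(conn, label):
    # Parameterized form: "?" is a placeholder and the value is bound separately,
    # so it is always compared as data and never parsed as SQL.
    return conn.execute(
        "SELECT id_brand, label FROM ps_lss_brands WHERE label = ?", (label,)
    ).fetchall()

def fstring_breaks_on_quote(conn):
    # A legitimate value containing an apostrophe is a syntax error in the f-string form.
    try:
        query_brand_fstring(conn, "O'BRIEN MOTORS")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    conn = make_db()
    print(query_brand_param(conn, "ACURA"))         # the one matching row
    tainted = "x' OR '1'='1"                        # constructed input containing quotes
    print(len(query_brand_fstring(conn, tainted)))  # WHERE clause rewritten: every row
    print(len(query_brand_param(conn, tainted)))    # treated as a literal label: no rows
    print(fstring_breaks_on_quote(conn))
```

With pandas, the same placeholder and tuple are passed as pd.read_sql(sql, conn, params=(label,)).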
