Home > Net >  OperationalError: no such column: a
OperationalError: no such column: a

Time:10-14

I'm trying to get the value of name=a and get the data there But I'm getting

sqlite3.OperationalError: no such column: a 

@app.route('/editform/<_name>')
def editform(_name):
    db = sql.connect("database.db")

    cursor = db.cursor()    

    cursor.execute('SELECT * FROM students WHERE name= %s' %_name)

CodePudding user response:

That's because you use string formatting to substitute %s with the value of _name, ending up with

SELECT * FROM students WHERE name= a

Note that a here is interpreted to be a column name because it is not between quotes (i.e. "a").

Don't use string formatting for SQL statements as you will be vulnerable to SQL injection attacks. Use the proper placeholder syntax:

cursor.execute('SELECT * FROM students WHERE name=?', (_name,))

Page link:https//www.codepudding.com/net/152201.html

Prev:Is there a way to fetch value of the column that was matched in where?
Next:Flyway best practice: one large migration script vs many incremental ones
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding