Home > Net >  OperationalError: no such column: a
OperationalError: no such column: a

Time:10-14

I'm trying to get the value of name=a and get the data there But I'm getting

sqlite3.OperationalError: no such column: a 
@app.route('/editform/<_name>')
def editform(_name):
    db = sql.connect("database.db")

    cursor = db.cursor()    

    cursor.execute('SELECT * FROM students WHERE name= %s' %_name)

CodePudding user response:

That's because you use string formatting to substitute %s with the value of _name, ending up with

SELECT * FROM students WHERE name= a

Note that a here is interpreted to be a column name because it is not between quotes (i.e. "a").

Don't use string formatting for SQL statements as you will be vulnerable to SQL injection attacks. Use the proper placeholder syntax:

cursor.execute('SELECT * FROM students WHERE name=?', (_name,))
  • Related