I have recently started to learn Python and MySQL for web purposes and I have run into a following problem :
I want to pull out from a mysql database one record that contains any text that I enter in param section, howerver I am running into following problem when making a query:
traceback (most recent call last):
File "/Users/Strielok/Desktop/test.py", line 13, in <module>
c.execute("SELECT * FROM data WHERE params LIKE ('%s%') LIMIT 1" % (param))
TypeError: not enough arguments for format string
Here is my code:
import MySQLdb
db = MySQLdb.connect (host = "localhost",
user = "root",
passwd = "root",
db = "test")
param = "Test"
par = param
c = db.cursor()
c.execute("SELECT * FROM data WHERE params LIKE ('%s%') LIMIT 1" % (param))
data = c.fetchall()
print data
c.close()
Thanks in advance.
Directly inserting the data into the SQL string is not the best way to do this, as it is prone to SQL injection. You should change it to this:
c.execute("SELECT * FROM data WHERE params LIKE %s LIMIT 1", ("%" + param + "%",))