I am new to python and I am struggling with mysql commands and parameters. Specifically, I find that I must use the '%' to separate the command from the parameters:
The connection is included as comments only for informational purposes.
@app.route("/test")
def test():
# db = pymysql.connect(
# host="localhost",
# user="root",
# password="---------",
# database="golf",
# charset="utf8mb4",
# cursorclass=pymysql.cursors.DictCursor,
# )
cur = db.cursor()
cur.execute("USE golf")
mySQLQuery = "SELECT * FROM users WHERE email='%s'"
email = "test@test.com"
cur.execute(mySQLQuery % (email,))
return render_template("index.html")
The examples I have found seem to use a ',' instead of a '%', and, if I am not mistaken, a ',' may be recommended. However I receive an error when I replace the '%' with a ',':
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test@test.com''' at line 1")
The only change I made was in the cur.execute command:
cur.execute(mySQLQuery, (email,))
I recognize that my understanding may be incorrect and a '%' is acceptable.
Any guidance or suggestions will be appreciated.
Try removing the ' from " ... email='%s' "
Make it just email = %s and use cur.execute(mySQLQuery, (email,))
Hope this helps
Here you can find a good example https://stackoverflow.com/a/37094912/12474033