(flask) python - mysql - using where clause in a select query with variable from URL
13,143
Use placeholders in the query and pass the parameters as a tuple to execute.
@app.route('/select/<username>')
def select(username):
db = MySQLdb.connect("localhost","myusername","mypassword","mydbname" )
cursor = db.cursor()
query_string = "SELECT * FROM p_shahr WHERE os = %s"
cursor.execute(query_string, (username,))
data = cursor.fetchall()
db.close()
return render_template('select.html', data=data)
But, be aware that this [passing data from URL directly to DB] is a very naive and attack prone approach. See
Related videos on Youtube
13 : 51
Flask Tutorial #5 - Sessions
11 : 06
Flask Tutorial #4 - HTTP Methods (GET/POST) & Retrieving Form Data
22 : 51
Python Flask with MySQL Database
03 : 57
Python and MySQL - Selecting and Getting Data
24 : 16
Using Databases With Flask - Python and Flask #8
14 : 32
Generating Select Fields in Flask-WTF From SQLAlchemy Queries (QuerySelectField)
19 : 00
How To Use MySQL Database With Flask - Flask Fridays #9
14 : 14
Python Flask MySQL Simple CRUD
13 : 20
Python Flask MySQL Database Example
09 : 13
Python Flask Multiple Select option using Bootstrap Select Plugin and Jquery Ajax Mysql database
35 : 13
Python Flask - Giới thiệu SqlAlchemy tương tác MySQL
05 : 47
MySQL SELECT Query in Python with WHERE to get matching records by user input & parameterized query
Author by
niloofar
Updated on September 14, 2022Comments
-
niloofar over 1 year
@app.route('/select/<username>') def select(username): db = MySQLdb.connect("localhost","myusername","mypassword","mydbname" ) cursor = db.cursor() cursor.execute("SELECT * FROM p_shahr") data = cursor.fetchall() db.close() return render_template('select.html', data=data)I want to edit the select query in this script in order to have
SELECT * FROm p_shahr WHERE os = usernameHow should I edit the query to include the where clause above to set
ostousernamethat is coming from URL?