MYSql, CGI web page search code not working
Diez B. Roggisch
deets at nospam.web.de
Sat Jan 28 11:28:14 EST 2006
>
> db=MySQLdb.connect(host = 'localhost', db = 'phone')
> cursor=db.cursor()
> cursor.execute("Select * from phone where name = name order by name")
You don't parametrize the query. The where-clause thus is a tautology,
as the name is always the name.
Do something like this:
cursor.execute("Select * from phone where name = ? order by name", (name,))
Actually it might be necessary to use something different from the ? to
specify the parameter - that depends on the paramstyle of your DB-Api.
Check that in the interpreter with
import MySQLdb
print mySQLdb.paramstyle
Diez
More information about the Python-list
mailing list