MYSql, CGI web page search code not working

Diez B. Roggisch deets at
Sat Jan 28 17:28:14 CET 2006

> db=MySQLdb.connect(host = 'localhost', db = 'phone')
> cursor=db.cursor()
> cursor.execute("Select * from phone where name = name order by name")

You don't parametrize the query. The where-clause thus is a tautology, 
as the name is always the name.

Do something like this:

cursor.execute("Select * from phone where name = ? order by name", (name,))

Actually it might be necessary to use something different from the ? to 
specify the parameter - that depends on the paramstyle of your DB-API. 
Check that in the interpreter with

import MySQLdb
print(MySQLdb.paramstyle)
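
Added example, not part of the original post: the tautology query next to a bound-parameter query, with the placeholder chosen from the module's paramstyle. It assumes the standard-library sqlite3 module as a stand-in for MySQLdb so it runs without a server; the table contents and the helper names (placeholder, make_db, search_tautology, search_by_name) are constructed for illustration.

```python
import sqlite3

# Positional placeholder for each DB-API 2.0 (PEP 249) paramstyle.
PLACEHOLDERS = {"qmark": "?", "format": "%s", "numeric": ":1"}


def placeholder(dbapi_module):
    """Return the placeholder token the given DB-API module expects."""
    style = dbapi_module.paramstyle
    if style not in PLACEHOLDERS:
        # "named" and "pyformat" bind by key and need a mapping instead.
        raise ValueError("paramstyle %r is not positional" % style)
    return PLACEHOLDERS[style]


def make_db():
    """Build a constructed in-memory 'phone' table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("create table phone (name text, number text)")
    db.executemany(
        "insert into phone values (?, ?)",
        [("Alice", "555-0100"), ("Bob", "555-0101"), ("O'Brien", "555-0102")],
    )
    return db


def search_tautology(db):
    """The quoted query: the column is compared with itself."""
    sql = "select * from phone where name = name order by name"
    return db.execute(sql).fetchall()


def search_by_name(db, name, dbapi_module=sqlite3):
    """Bind the search term as a parameter instead of writing it into the SQL."""
    # Only the placeholder token is concatenated; the value travels separately.
    sql = ("select * from phone where name = " + placeholder(dbapi_module)
           + " order by name")
    return db.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(len(search_tautology(db)))      # every row matches
    print(search_by_name(db, "O'Brien"))  # only the bound name matches
```

Because the value is passed separately from the SQL text, a name containing a quote character such as O'Brien needs no manual escaping.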

