how to update mysql row using user information : Forums : PythonAnywhere

how to update mysql row using user information

[edited by admin: formatting]

name='emmanuel'
age=30
country='us'
id=100

cur.execute( UPDATE table SET user_name=name, age=age, country=country WHERE user_id= id)

how do you update a table using the above variables in python. i have search the web but was unable to find an example.

thanks

deleted-user-1796040 | 15 posts | Oct. 17, 2016, 5:15 a.m. | permalink

Are you using Django?

rcs1000 | 311 posts | Oct. 17, 2016, 10:22 a.m. | permalink

cur.execute takes a string. You could use string formatting to put in the variables.

conrad | 4232 posts | PythonAnywhere staff | Oct. 17, 2016, 11:25 a.m. | permalink

no i am using bottle

deleted-user-1796040 | 15 posts | Oct. 17, 2016, 11:59 a.m. | permalink

please ignore conrad's terrible advice. he was tired yesterday. using string formatting in sql statements is a terrible idea because it opens you up to SQL injection attacks.

instead, you should replace your values with a placeholder character "?", and then pass your parameters to cur.execute as a second argument, in a tuple, like this:

cur.execute(
    "UPDATE table SET user_name=?, age=?, country=? WHERE user_id=?)",
    (name, age, country, id)
)

More info here: https://docs.python.org/3.5/library/sqlite3.html.

If you're using mysql or postgres instead of sqlite, they may use a different placeholder character instead of the "?"

harry | 2710 posts | PythonAnywhere staff | Oct. 18, 2016, 11:21 a.m. | permalink

I just read the thread title! If you're using MySQL, the placeholder is "%s", so:

cur.execute(
    "UPDATE table SET user_name=%s, age=%s, country=%s WHERE user_id=%s)",
    (name, age, country, id)
)

harry | 2710 posts | PythonAnywhere staff | Oct. 18, 2016, 11:25 a.m. | permalink