1

I'm trying to retrieve data from SQL table by entry.get() function.

def display_1():
    global entry_1    
    x = entry_1.get()
    if x =="ball":
        objects = cursor.execute("select * from table where stuff=='ball' ") 
        for row in objects.fetchall():
            print("objects =", row[1],row[2],row[3])

I tried the code :objects = cursor.execute("select * from table where stuff==x ") but it doesn't work. I would use the x variable to retrieve data from database.

the full code is below:

import sqlite3
connection = sqlite3.connect('table.db')
cursor = connection.cursor()
connection.commit()
import tkinter as tk
def display_1():
    x = entry_1.get()
    if x =="ball":
        objects = cursor.execute("select * from table where stuff=='ball' ")
        for row in objects.fetchall():
            print("objects =", row[1],row[2],row[3])
root = tk.Tk()
entry_1 = tk.Entry(root)
btn_1 = tk.Button(root, text = "Display Text", command = display_1)
entry_1.grid(row = 0, column = 0)
btn_1.grid(row = 1, column = 0)
root.mainloop()
ztekinos
  • 29
  • 1
  • 4

1 Answers1

1

Update: Based on your comments I have changed the function to work directly with the entry field. I used a try/except statement to handle a failed query.

Try this:

import sqlite3
import tkinter as tk


connection = sqlite3.connect('table.db')
cursor = connection.cursor()
connection.commit()

root = tk.Tk()

entry_1 = tk.Entry(root)

def display_1():
    try:
        # changed this to follow the safer example in the duplicate post.
        objects = cursor.execute("select * from table where stuff=?",(entry_1.get(),))
        for row in objects.fetchall():
            print("objects = {}".format((row[1], row[2], row[3])))
    except:
        print("query failed.")

btn_1 = tk.Button(root, text="Display Text", command=display_1)
entry_1.grid(row=0, column=0)
btn_1.grid(row=1, column=0)

root.mainloop()
ztekinos
  • 29
  • 1
  • 4
Mike - SMT
  • 14,784
  • 4
  • 35
  • 79
  • I think the point of the question is that the OP doesn't want the `if` statement. They can't write an `if` statement for every possible value in the entry. Instead, they want to know how to directly use the variable in the query. That's why I marked it as a duplicate. This seems to have have nothing to do with tkinter, and everything to do with how to make a parameterized query. – Bryan Oakley Oct 17 '18 at 14:42
  • Mike thank you again but I would remove if x=="ball" and objects = cursor.execute("select * from table where stuff=='ball' ") codes. for example, in sql theer are several objects: ball, bat, watch. I would write bat in the gui form so my x variable ( x=entry_1.get()) store the word bat. now I would retrieve the values on sql by stuff == x selection . in this case stuff should be equal to bat. – ztekinos Oct 17 '18 at 14:46
  • @ bryan oakley. exactly – ztekinos Oct 17 '18 at 14:47
  • I see. Well I updated my example to only use the entry field without an if statement. Let me know if that helps. – Mike - SMT Oct 17 '18 at 14:54
  • @BryanOakley Thanks for the info Bryan. I have updated my answer to use the entry field directly. I guess I miss understood the need and thought he was having a problem getting the data from the entry field. – Mike - SMT Oct 17 '18 at 14:55
  • Your code will work in some cases, but it opens the app up to an sql injection attack. I realize this is highly unlikely for a desktop app, but still, there are better ways to do a parameterized query. Your code will fail, for example, if the data in the widget contains a single quote. – Bryan Oakley Oct 17 '18 at 14:56
  • @BryanOakley Hum. I am unfamiliar with security risk like that. I do not spend much time with SQL I will review the duplicate post to see if I can modify my code to be more secure. – Mike - SMT Oct 17 '18 at 14:57
  • @BryanOakley I changed the execute to be written in the same way as one of the answer mentioned would be more secure. Let me know if I am misunderstanding this. – Mike - SMT Oct 17 '18 at 15:02