-1

New to flask/coding here and am looking for a simple command for how to update a cell value in a table-like database (a row and column value). The column values are letters, and the row values are (string) numbers [i.e: one, two, three, NOT 1, 2, 3]. I'm trying to change the value of a specific depending on user input from a form. Can someone help me out in explaining why this line of code doesn't work?

db.execute("UPDATE table SET" + user_input_letter + " = 1 WHERE " + user-input_number + " = one")

I should also clarify that the values on the table are just integers (0,1,2,3,....).

maxg
  • 1

1 Answers1

0

Probably this first portion:

db.execute("UPDATE table SET" + user_input_letter

No space between SET and user_input_letter means it'll say UPDATE table SETletter where letter is whatever letter was assigned to user_input_letter.

Also, you should look into string formatting, it makes this type of thing much easier to spot and allows you to not use confusing concatenation via multiple + symbols.

That being said, DO NOT USE THIS FOR DB OPERATIONS. @davidism is right in that this is an insecure method and should not be used this way.

I undeleted this because I wanted you to know why it wasn't working and to tell you about string formatting.

jhomr
  • 477
  • 3
  • 16