0

I am attempting to write an SQL query to update the password of a user currently logged into a web application. I am using a session ID to identify the specific user to which to update the password for. However, I am unsure of how to write the correct syntax for the query

Here is the query in question:

cursor.execute("UPDATE user SET password = %s WHERE email = ?", [confirm_password], session['email'])

And the error being generated as a result:

mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1

I would like to update only the password of the user who is logged in using the session ID their username(in this case an email address).

Any help would be appreciated. Thanks.

Patrick Browne
  • 11
  • 3

1 Answers1

0

You need to supply them as tuple of values to be inserted in your execute statement.

Syntax looks like this: cursor.execute(operation, params=None, multi=False)

  • operation is your query string
  • params is a tuple containing all params inside it
cursor.execute("UPDATE user SET password = %s WHERE email = %s", 
               (confirm_password, session['email']) )

and you probably also should use % twice..

See connector-python-api-mysqlcursor-execute

When in doubt, I lookup syntax here: http://bobby-tables.com/python or use the original doku.

Patrick Artner
  • 50,409
  • 9
  • 43
  • 69