0
def search():
    searc = input("Enter the name you want to search: ")
    s = (searc)
    mycursor.execute("SELECT * FROM studen WHERE Name = {}".format(s))
    for i in mycursor:
        print(i)

I'm trying to fetch data from the studen table where name is entered by the user.

Here is the error that I'm getting:

ERROR: mysql.connector.errors.ProgrammingError: 1054 (42S22): Unknown column 'ayush' in 'where clause'

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
connerito
  • 1
  • 1

1 Answers1

1

The immediate problem is that your query is missing quotes. The string you get with .format() looks like this, assuming ayush is your input:

SELECT * FROM studen WHERE Name = ayush

But it needs to look like this:

SELECT * FROM studen WHERE Name = 'ayush'

However, you shouldn't be using .format() at all since it leaves you wide open to SQL injection.

This is the proper way to parametrize a query using mysql.connector:

mycursor.execute("SELECT * FROM studen WHERE Name = %s", (s,))

Note also that I have used (s,) instead of (s) here to get a tuple of one element.

ChrisGPT was on strike
  • 127,765
  • 105
  • 273
  • 257
  • Yes it works. I actually tried your code a day ago but instead of writing this (s ,) I wrote (s) without comma. Thank you for helping out. – connerito Jan 02 '21 at 16:30