I am trying to create a book database system using MySQL, Python, and Flask. The 3 columns in my Books table are title, author, and publish_year.

I have a SQL Command that says

"SELECT * FROM Books WHERE title=" + str(title)

And whenever I try to call my endpoint with

http://127.0.0.1:5000/getbookfromtitle/Twilight

I get the error

 Unknown column 'Twilight' in 'where clause'

Does anyone know what could be causing this error? My full Flask function is

@app.route("/getbookfromtitle/<title>", methods=["GET"])
def getBookFromTitle(title):
    if request.method == "GET":
        sql = "SELECT * FROM Books WHERE title=" + str(title)
        mycursor.execute(sql)
        result = mycursor.fetchall()

        for x in result:
            print(x)
        return str(result)

1 Answer

Never mind, I think I figured it out.

I have to do

mycursor.execute("SELECT * FROM Books WHERE title=%s", (title,))

After I did this, it worked for some reason.
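
Why the two forms behave differently, as an added example that is not part of the original question or answer: with concatenation the value becomes part of the SQL text, so a bare word is parsed as a column name (or any other SQL syntax), while a placeholder makes the driver bind it as data. Assumptions: the standard-library `sqlite3` module stands in for the MySQL connection so the code runs offline (it uses `?` where MySQL drivers use `%s`, and words the error as "no such column"), the function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3

# Constructed sample data; sqlite3 stands in for the MySQL connection so the
# example runs offline. sqlite3 uses "?" placeholders where MySQL drivers use "%s".
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Books (title TEXT, author TEXT, publish_year INTEGER)")
    conn.executemany(
        "INSERT INTO Books VALUES (?, ?, ?)",
        [("Twilight", "Stephenie Meyer", 2005), ("Dune", "Frank Herbert", 1965)],
    )
    return conn


def lookup_concatenated(conn, title):
    """The question's approach: the value becomes part of the SQL text."""
    sql = "SELECT * FROM Books WHERE title=" + str(title)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # An unquoted word is read as an identifier, hence the column error.
        return "error: " + str(exc)


def lookup_parameterized(conn, title):
    """The answer's approach: the driver binds the value as data."""
    return conn.execute("SELECT * FROM Books WHERE title=?", (title,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # "title" is a URL value that happens to be valid SQL: concatenated, the
    # filter becomes title=title and stops filtering; bound, it is just a string.
    for value in ("Twilight", "title"):
        print(repr(value), "concatenated ->", lookup_concatenated(conn, value))
        print(repr(value), "parameterized ->", lookup_parameterized(conn, value))
```

The second input shows that the original error was a symptom of SQL injection exposure: any URL value that parses as SQL changes the query, which the bound form prevents.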