-2

Im struggeling on this problem with excuting sql in my flask python app.

Im trying to excecute a like function with a variable that im recieving from my get reqs.

for example i've tried this yet :

rows = cursor.execute(f"SELECT * FROM vragen WHERE vraag LIKE ':text'",
                      {"text": '%' + query + '%'}).fetchall()

but this gives me an empty array unfortunately.

This gives me data but then im not using a variable which i need in this case.

rows = cursor.execute(f"SELECT * FROM vragen WHERE vraag LIKE '%which%'").fetchall()

Does anyone know an easy to way to solve this?

Thanks for advance

davidism
  • 121,510
  • 29
  • 395
  • 339
Developermees
  • 27
  • 3
  • Note that you are _selecting_, not _inserting_. – snakecharmerb Nov 25 '22 at 13:58
  • The format for Python's f-strings is `f"This is an f-string {var_name} and {var_name}."`. You should also be **very wary** of f-strings going directly into SQL queries, as [this answer](https://stackoverflow.com/a/63946987/15291770) points out – Harrison Nov 29 '22 at 17:35

1 Answers1

1

You shouldn't have quotes around :text:

rows = cursor.execute(f"SELECT * FROM vragen WHERE vraag LIKE :text",
                      {"text": '%' + query + '%'}).fetchall()
Booboo
  • 38,656
  • 3
  • 37
  • 60