Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python 3 sqlite parameterized SQL-query

I've been trying to make a parameterized SQL-query with Python 3 and sqlite module and succeeded with just one variable. However when using two variables, I get an IndexError: tuple index out of range error. Any suggestions as to what is causing this error?

sql = ("select exists(SELECT * from USERS where PASSWORD = '{0}' AND USERNAME = '{1}')")
args = (var1,var2)
cursor = database_connection.execute((sql).format(args))
like image 221
B.Turris Avatar asked Jul 13 '26 02:07

B.Turris


1 Answers

Never fill in raw entries in your sql command, this is calling for sql injection attacks.

Use the built-in fill-in function.

sql = "select exists(SELECT * from USERS where PASSWORD = ? AND USERNAME = ?)"
args = (var1,var2)
cursor = database_connection.execute(sql, args)
like image 179
P-Gn Avatar answered Jul 14 '26 15:07

P-Gn



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!