I am working on a simple program that needs a connection to MySQL. I have a problem with my query and I'm stuck on it. It says "not all arguments converted during string formatting", but as far as I know, my syntax is correct. What's the problem with it? Here is my code:

```python
username = (self.username.text())
cur.execute("SELECT * FROM users WHERE username = %s", (username))
```
Jaypee
  • You meant to define query parameters as a tuple, you are missing a comma after "username": `cur.execute("SELECT * FROM users WHERE username = %s", (username, ))` – alecxe Oct 11 '17 at 02:32
  • Oh thanks for the correction. I am just a beginner here btw. I thought that if it works, it is already done. – Jaypee Oct 11 '17 at 06:13

1 Answer

After plenty of trial and error, I already got it haha. Here it is:

```python
username = (self.username.text())
cur.execute("SELECT * FROM users WHERE username = %s", (username, ))
```
Jaypee
  • No, string-formatting an SQL query is NOT a solution. This is **a)** dangerous (see [SQL injections](https://en.wikipedia.org/wiki/SQL_injection)) **b)** error-prone (check what if `username` contains a single quote?). – alecxe Oct 11 '17 at 02:30
  • I already updated my answer. Thanks again – Jaypee Oct 12 '17 at 03:10
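
The difference between the three ways of passing `username` discussed in this thread, as an added example that is not part of the original posts. It assumes Python's built-in `sqlite3` as an offline stand-in for the MySQL driver (so the placeholder is `?` instead of `%s` and the exact error text differs); the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory SQLite database (stand-in for MySQL).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("O'Brien", "user")])
    return con

def lookup_bound(con, username):
    # Hardened: the value travels separately from the SQL text, as a one-element tuple.
    return con.execute("SELECT username FROM users WHERE username = ?",
                       (username,)).fetchall()

def lookup_bare_string(con, username):
    # The bug from the question: (username) is just a str, so the driver
    # sees one parameter per character and rejects the call.
    try:
        return con.execute("SELECT username FROM users WHERE username = ?",
                           (username)).fetchall()
    except sqlite3.ProgrammingError as exc:
        return f"rejected: {exc}"

def lookup_formatted(con, username):
    # Unsafe: the value is pasted into the SQL text before the driver sees it.
    query = "SELECT username FROM users WHERE username = '%s'" % username
    try:
        return con.execute(query).fetchall()
    except sqlite3.OperationalError as exc:
        return f"syntax error: {exc}"

if __name__ == "__main__":
    con = make_db()
    # Constructed inputs: a plain name, a name with a quote, a quote-breaking value.
    for name in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(name))
        print("  bound     ->", lookup_bound(con, name))
        print("  bare str  ->", lookup_bare_string(con, name))
        print("  formatted ->", lookup_formatted(con, name))
```

With bound parameters the quote-containing inputs are compared as plain data; with string formatting the same inputs either break the statement or change which rows it matches.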