How to avoid the below error in Python Flask

Question

I am using the below 3 html i.e. Index.html , Results.html and Edit.html and python code file app.py code is also pasted below. The save to the DB is working fine and when I retrieve the data for editing and click on Submit I am encountering the below error "_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s' at line 1")"

Index.html

<h1>Welcome</h1>
<br>

<br>

<form method="POST" action="{{ url_for('index') }}">

Name <input type="text" name="name" />
  <br>

Email <input type="email" name="email" />
  <br> 
CRType <select name = "CRType">
        <option value = "New">New</option>
         <option value = "Old">Old</option>
  </select><br>  
<input type="submit" value="Submit">
</form>

Results.html

<a href = "/">Add CR</a>
<table border = 1>
  {% for user in userDetails %}
  <tr>
  <td> {{user[3]}} </td>
   <td> {{user[0]}} </td>
    <td> {{user[1]}} </td>
  <td> {{user[2]}} </td>
  <td>  <a href="/Edit?CR_ID={{user[3]}}"> Edit Profile</a> </td>
 </tr>
  {% endfor %}
</table>

Edit.html

h1>Welcome to Update Zone</h1>
<br>

<br>
<body>
<form method="POST" action="{{ url_for('Edit') }}">

CR_ID <input type="text" name="CR_ID" value = "{{user[0]}}"/>
  <br>
Name <input type="text" name="name" value = "{{user[1]}}"/>
  <br>

Email <input type="email" name="email" value = "{{user[2]}}"/>
  <br>
  <br>
      <input type="submit" value="Submit">
</body>
</form>

App.PY

from flask import Flask, render_template, request, redirect
from flask_mysqldb import MySQL
# from flask_table import Table, Col, LinkCol



app = Flask(__name__)

# Configure db
#db = yaml.load(open('db.yaml'))
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
#app.config['MYSQL_PASSWORD'] = 'P@$$w0rd'
app.config['MYSQL_DB'] = 'flaskapp'

mysql = MySQL(app)

@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':
        # Fetch form data
        userDetails = request.form
        name = userDetails['name']
        email = userDetails['email']
        CRType = userDetails['CRType']
     #   CR_ID = userDetails['CR_ID']
        cur = mysql.connection.cursor()
      #  cur.execute("""INSERT INTO users(name, email, CRType) VALUES(%s, %s, % )""",(name, email, CRType)
        cur.execute("""INSERT INTO users (name, email, CRType) VALUES (%s, %s, %s)""", (name, email, CRType))
        mysql.connection.commit()
        cur.close()
        return redirect ('/results')
      #  return redirect('/results')
    return render_template('index.html')

@app.route('/results')
def results():
    cur = mysql.connection.cursor()
    resultValue = cur.execute("SELECT * from users")
    if resultValue > 0:
        userDetails = cur.fetchall()
    #    edit = LinkCol('Edit', 'edit', url_kwargs=dict(id='CR_ID'))
        return render_template('results.html',userDetails=userDetails)


@app.route('/Edit', methods=['GET', 'POST'])
def Edit():
       # request.method == 'GET':
        # Fetch form data
      #  user = request.form
      #  CR_ID = user['CR_ID']
        CR_ID = request.args.get('CR_ID')
        name = request.args.get('name')
        email = request.args.get('email')
        CRType = request.args.get('CRType')
        cur = mysql.connection.cursor()
      #  result= cur.execute("SELECT CR_ID, name, email  from users where CR_ID = 1")
        result = cur.execute("""SELECT CR_ID, name, email from users where CR_ID = %s""",CR_ID)
     #   result = cur.execute("Update table users set name=?, email=?, CRType=? where CR_ID = %s", CR_ID)
        RV = cur.fetchall()
        user = RV[0]
        cur.close()
        return render_template('Edit.html',user=user)

if __name__ == '__main__':
    app.run(debug= True)

Answer 1

Your SQL statements aren't properly formatted. It should be

result = cur.execute("SELECT CR_ID, name, email from users where CR_ID = %s", (CR_ID))