0

I want to check for duplicate contacts and remove them from the user's contact list. There is no error message, it simply doesn't execute. Why doesn't it work?

cmd = "DELETE FROM contacts WHERE contact LIKE '{0}'".format(str(contact_))
print(cmd)
# DELETE FROM contacts WHERE contact LIKE 'Ilovecake'
cur.execute(cmd)
conn.commit()
conn.close()
1
  • DELETE FROM contacts WHERE contact LIKE '%{0}%'.format( str(contact_) ) Commented Oct 18, 2015 at 17:33

2 Answers

1

You are vulnerable to SQL injection attacks. Never format query strings directly, always use parameterized queries.

Your query currently matches contacts that are equal to contact_, but your use of LIKE implies that you want to match contacts that contain that value. Use wildcards in the query.

cur.execute('delete from contacts where contact like ?', ('%{}%'.format(contact_),))

The placeholder may be different depending on the dbapi driver you're using. You can use Flask-SQLAlchemy/SQLAlchemy to normalize parameter substitution as well as manage the connection and session automatically.
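Added example, not part of the original answer: the parameterized `LIKE` delete from above, extended so that `%` and `_` in the user's value are matched literally and an empty value cannot turn the pattern into `%%` and delete every row. It assumes the standard-library `sqlite3` driver (which uses the `?` placeholder); the helper names and the sample rows are constructed for illustration.

```python
import sqlite3


def escape_like(value, escape="\\"):
    """Escape LIKE metacharacters so the value is matched literally."""
    for ch in (escape, "%", "_"):  # escape character first, then wildcards
        value = value.replace(ch, escape + ch)
    return value


def delete_contacts_containing(conn, needle):
    """Delete rows whose contact contains `needle`; return the number deleted."""
    if not needle:
        # '%' + '' + '%' would match every row, so refuse an empty search term.
        raise ValueError("empty search term would match every contact")
    pattern = "%" + escape_like(needle) + "%"
    cur = conn.execute(
        "DELETE FROM contacts WHERE contact LIKE ? ESCAPE '\\'",
        (pattern,),  # the value is bound by the driver, never formatted into the SQL
    )
    conn.commit()
    return cur.rowcount


def make_demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (contact TEXT)")
    conn.executemany(
        "INSERT INTO contacts (contact) VALUES (?)",
        [("Ilovecake",), ("xIlovecakex",), ("O'Brien",), ("100%_sure",), ("bob",)],
    )
    conn.commit()
    return conn


def remaining(conn):
    """Return the contacts still in the table, sorted."""
    return sorted(r[0] for r in conn.execute("SELECT contact FROM contacts"))


if __name__ == "__main__":
    db = make_demo_db()
    print(delete_contacts_containing(db, "Ilovecake"))  # both rows containing it
    print(delete_contacts_containing(db, "O'Brien"))    # the quote is just data
    print(delete_contacts_containing(db, "%"))          # only the row with a literal '%'
    print(remaining(db))
```
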


0

If you are doing a kind of search you should use (I GUESS):

"DELETE FROM blabla WHERE contact LIKE '%what i am searching%'"

which allows text before and after the searched string. Apply this to your code.
