
I've been trying to make a parameterized SQL query with Python 3 and the sqlite module and succeeded with just one variable. However, when using two variables, I get an "IndexError: tuple index out of range" error. Any suggestions as to what is causing this error?

sql = ("select exists(SELECT * from USERS where PASSWORD = '{0}' AND USERNAME = '{1}')")
args = (var1,var2)
cursor = database_connection.execute((sql).format(args))

1 Answer

Never fill in raw entries in your SQL command; this is calling for SQL injection attacks.

Use the built-in fill-in function.

sql = "select exists(SELECT * from USERS where PASSWORD = ? AND USERNAME = ?)"
args = (var1,var2)
cursor = database_connection.execute(sql, args)

3 Comments

Nice. You fixed the error by using *args (but forgot to say it...), and insisted on correctly using parameterized queries.
Your suggestion throws a "TypeError: function takes at most 2 arguments (3 given)" error. Also one of the parentheses is missing in the first row.
Sorry, fixed that.
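As an added example (not code from the question or the answer), the script below contrasts the asker's string-formatted query with the answer's parameterized one on a constructed in-memory database; the table layout and the sample user are assumptions.

```python
import sqlite3

# Constructed in-memory database with one sample user (assumed, not from the post).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE USERS (USERNAME TEXT, PASSWORD TEXT)")
conn.execute("INSERT INTO USERS VALUES (?, ?)", ("alice", "O'Brien-42"))
conn.commit()

FORMATTED_SQL = ("select exists(SELECT * from USERS "
                 "where PASSWORD = '{0}' AND USERNAME = '{1}')")
PARAM_SQL = "select exists(SELECT * from USERS where PASSWORD = ? AND USERNAME = ?)"


def user_exists_formatted(password, username):
    """The asker's approach: values spliced into the SQL text.

    .format(args) hands the whole tuple to {0}, so {1} raises IndexError.
    .format(*args) removes that error, but the values are still parsed as
    SQL: a quote inside the input breaks (or alters) the statement.
    """
    args = (password, username)
    return conn.execute(FORMATTED_SQL.format(*args)).fetchone()[0]


def user_exists_param(password, username):
    """The answer's approach: the driver binds the values separately."""
    args = (password, username)
    return conn.execute(PARAM_SQL, args).fetchone()[0]


def demonstrate():
    """Run both variants and collect what happens, for comparison."""
    results = {}
    try:
        FORMATTED_SQL.format(("pw", "user"))  # the original .format(args) mistake
    except IndexError as exc:
        results["index_error"] = type(exc).__name__
    try:
        user_exists_formatted("O'Brien-42", "alice")  # quote in the password
    except sqlite3.OperationalError as exc:
        results["formatted"] = "OperationalError: " + str(exc)
    results["param"] = user_exists_param("O'Brien-42", "alice")  # 1: match
    results["param_wrong"] = user_exists_param("wrong", "alice")  # 0: no match
    return results


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(key, "->", value)
```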
