0 
def search():
    searc = input("Enter the name you want to search: ")
    s = (searc)
    mycursor.execute("SELECT * FROM studen WHERE Name = {}".format(s))
    for i in mycursor:
        print(i)

I'm trying to fetch data from the studen table where name is entered by the user.

Here is the error that I'm getting:

ERROR: mysql.connector.errors.ProgrammingError: 1054 (42S22): Unknown column 'ayush' in 'where clause'

Improve this question
0

1 Answer 1

Reset to default
1

The immediate problem is that your query is missing quotes. The string you get with .format() looks like this, assuming ayush is your input:

SELECT * FROM studen WHERE Name = ayush

But it needs to look like this:

SELECT * FROM studen WHERE Name = 'ayush'

However, you shouldn't be using .format() at all since it leaves you wide open to SQL injection.

This is the proper way to parametrize a query using mysql.connector:

mycursor.execute("SELECT * FROM studen WHERE Name = %s", (s,))

Note also that I have used (s,) instead of (s) here to get a tuple of one element.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yes it works. I actually tried your code a day ago but instead of writing this (s ,) I wrote (s) without comma. Thank you for helping out.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.