0

The error is:

sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 0, and there are 1 supplied.

And this is the code causing it:

data = c.execute('''SELECT * FROM job WHERE title LIKE "%?%"''', (user_input,)).fetchall()

For more context, I'm trying to create a functioning search bar with Python, Flask and SQLite3, where c.execute here is supposed to return the data from my database based on user input. But I'm having trouble configuring SELECT so it works with partial matches too, hence the use of LIKE. What am I doing wrong?

3
  • Thank you! Is it '''SELECT * FROM job WHERE title LIKE ''%' || ' ? || '%''''' or? Because this here is now throwing the sqlite3.OperationalError: near "?": syntax error. I tried using the """quotes""" for SELECT, as well. Same thing. Commented Nov 20, 2023 at 10:56
  • Does this answer your question? Python String Formats with SQL Wildcards and LIKE Commented Nov 20, 2023 at 12:16
  • The immediate problem is that ? doesn't create a binding. For that you want %s, but that's a little awkward here because of the % in the syntax of the LIKE operator. For ways to solve that, see: stackoverflow.com/a/3134756/765091. Don't use insecure string manipulation as suggested in your answer. Commented Nov 20, 2023 at 12:18

1 Answer

0

If anyone else ends up having issues with this, please refer to this answer. In short, this can be done using format.

In my case it was:

data = c.execute("SELECT * FROM job WHERE title LIKE '%{}%'".format(user_input)).fetchall()

3 Comments

That's vulnerable to SQL injection: consider what happens when a malicious user's input is x%'; DROP TABLE important_data; SELECT * FROM job WHERE title LIKE '%x. It's much safer to avoid string manipulation and use the approach here: stackoverflow.com/questions/902408/…. To handle the % character, one approach is shown in this answer: stackoverflow.com/a/62347841/765091
Oh, got it. Thank you for the comment. However, the approach you linked and that Barmar is suggesting is still giving me a syntax error.
You're right, there's a missing ) after the CONCAT in Barmar's answer there. So you could fix that or alternatively use the approach here that does the concatenation in Python: stackoverflow.com/a/3134756/765091
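
An added example, not part of the original thread: the parameterized form of the search, with the LIKE wildcards built in Python and passed as a bound value. It goes slightly beyond the posts by also escaping `%` and `_` in the input so they match literally. The function names, the sample rows and the `important_data` table (taken from the payload in the comment above) are assumptions made for the demonstration.

```python
import sqlite3

ESC = "\\"  # single character named in the ESCAPE clause below


def like_pattern(term):
    """Escape LIKE metacharacters so the input matches literally, then wrap it in %...%."""
    for ch in (ESC, "%", "_"):  # escape the escape character first
        term = term.replace(ch, ESC + ch)
    return "%" + term + "%"


def search_jobs(conn, user_input):
    # The ? stands alone, outside any quotes, so sqlite3 counts it as a binding.
    # The wildcards travel inside the bound value; the input is never parsed as SQL.
    sql = "SELECT title FROM job WHERE title LIKE ? ESCAPE '\\' ORDER BY title"
    return [row[0] for row in conn.execute(sql, (like_pattern(user_input),))]


def make_demo_db():
    """Constructed in-memory data, for illustration only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE job (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE important_data (v TEXT)")
    titles = ["Python Developer", "Data Engineer", "100% Remote Support", "QA_Lead", "QA Lead"]
    conn.executemany("INSERT INTO job (title) VALUES (?)", [(t,) for t in titles])
    return conn


def table_exists(conn, name):
    query = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?"
    return conn.execute(query, (name,)).fetchone()[0] == 1


if __name__ == "__main__":
    db = make_demo_db()
    # Input quoted from the comment above, used here only as search text.
    payload = "x%'; DROP TABLE important_data; SELECT * FROM job WHERE title LIKE '%x"
    for term in ("dev", "%", "_", payload):
        print(repr(term), "->", search_jobs(db, term))
    print("important_data still present:", table_exists(db, "important_data"))
```

The original statement failed because a `?` inside the quoted literal `"%?%"` is ordinary text, which is why sqlite3 reported 0 bindings.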
