So I am making a web app with Flask. I have attempted to input text through the app which shouldn't break my program, but still have. If I insert, say: list''thing, and pass it to one query for insertion into a table using the ? param, then it will insert the entire string including chars that could be problematic otherwise. BUT for some reason, still using ?, on my UPDATE and DELETE queries it will come out as: list The rest is missing, so I can add it but not rename or delete it from the app interface. I can provide some snippets For this, the string is "list_name" variable, session["current_list"]
temp = db.execute("SELECT brand FROM lists WHERE username=? AND list_name=? ORDER BY id DESC", username, session["current_list"])
For this, it is again "list_name" and, data:
temp = db.execute("DELETE FROM lists WHERE username=? AND list_name=?", username, data)
I am using CS50's SQL library which uses SQLAlchamy, but I don't see why this should break down here
Thanks if you have any ideas! --Harrison
Aucun commentaire:
Enregistrer un commentaire