Issue
Whenever I'm giving an input (without the single quotes) and then after hitting the SUBMIT button it's getting stored like that in the MySql database. I'm not able to understand the reason behind that. Kindly let me know what's the reason behind that? Find the codes and the image of the webpage attached below. Also, let me know what is the difference between creating buttons through "button" tag and "input" tag in HTML.
main.py
```
@app.route("/index",methods=["GET","POST"])
def insert():
cur=mysql.connection.cursor()
if request.method=="POST":
date=int(datetime.now().strftime("%Y%m%d%H%M%S"))
description=str(request.form['description'])
temp=(description,date)
cur.execute('''insert into test.task (description,date) values ("%s","%s")''',temp)
mysql.connection.commit()
return redirect(url_for('index')
@app.route("/")
def index():
cur=mysql.connection.cursor()
cur.execute("select * from test.task")
task=cur.fetchall()
cur.close()
return render_template("base.html",task=task)
if __name__=="__main__":
app.run(debug=True, port=8000)
```
base.html
<form action="/index" method="POST">
<label for="description">Description</label>
<input type="text" name="description" id="description" placeholder="Description Input" required>
<button type="submit">Submit</button>
</form>
<table>
<tr>
<th>S.No.</th>
<th>Description</th>
<th>Date and time</th>
<th>Action</th>
</tr>
{% for task in task %}
<tr>
<td>{{loop.index}}.</td>
<td>{{task.1}}</td>
<td>{{task.2}}</td>
<td><a href="Update">Update</a> <a href="Delete">Delete</a>
</td>
</tr>
{% endfor %}
```
Solution
You don't need to quote %s in a prepared statement - the connector will do it automatically.
You want
cur.execute('''insert into test.task (description,date) values (%s,%s)''',temp)
Answered By - snakecharmerb
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.