Variable not interpolating for MySQL query with Flask

I have the following code where the ph variable does not interpolate with the select query.

I am just trying to access http://localhost/testing?phone_number=1234567890, but it returns something like () rather than the particular record for the phone number.

@app.route("/testing", methods=['GET'])
def testing():
  ph = request.args.get('phone_number')
  cur = mysql.connection.cursor()
  # The request value is formatted directly into the SQL text
  cur.execute('''SELECT * FROM client_base where phone_number={}'''.format(ph))
  results = cur.fetchall()
  return ''' {} '''.format(results)


Solution 1:[1]

A better solution is using prepared statements, like below:

@app.route("/testing", methods=['GET'])
def testing():
  ph = request.args.get('phone_number')
  cur = mysql.connection.cursor()
  # The value is passed as a separate parameter tuple; the driver binds it to %s
  cur.execute('''SELECT * FROM client_base where phone_number=%s''', (ph,))
  results = cur.fetchall()
  return ''' {} '''.format(results)
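
The difference between the two versions above, as an added example that is not part of the original question or answer. It assumes `sqlite3` as an offline stand-in for MySQL (so the placeholder is `?` instead of `%s`); the table rows, the `PHONE_RE` rule and all function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data; sqlite3 stands in for MySQL so this runs offline.
# sqlite3 uses "?" placeholders where the MySQL driver in the answer uses "%s".
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE client_base (name TEXT, phone_number TEXT)")
    conn.executemany(
        "INSERT INTO client_base VALUES (?, ?)",
        [("alice", "1234567890"), ("bob", "5550001111")],
    )
    return conn

def lookup_formatted(conn, ph):
    # Pattern from the question: the value becomes part of the SQL text,
    # so the database parses it as SQL syntax rather than as a value.
    sql = "SELECT * FROM client_base WHERE phone_number={}".format(ph)
    return conn.execute(sql).fetchall()

def lookup_bound(conn, ph):
    # Pattern from the answer: the driver passes the value separately,
    # so it is only ever compared as data.
    sql = "SELECT * FROM client_base WHERE phone_number=?"
    return conn.execute(sql, (ph,)).fetchall()

PHONE_RE = re.compile(r"\d{7,15}")  # hypothetical format rule (assumption)

def lookup_checked(conn, ph):
    # Reject missing or malformed input before it reaches the database.
    if ph is None or not PHONE_RE.fullmatch(ph):
        return None
    return lookup_bound(conn, ph)

if __name__ == "__main__":
    conn = make_db()
    crafted = "0 OR 1=1"  # constructed input that is not a phone number
    print(lookup_formatted(conn, crafted))  # condition is rewritten: all rows
    print(lookup_bound(conn, crafted))      # compared as a string: no rows
    print(lookup_checked(conn, "1234567890"))
```

In a Flask view, a `None` result from `lookup_checked` would map to a 400 response rather than a query.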

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 nbk