how to send parameters with f-Strings in a sqllite query python


how can i send a parameter to a query this is my code

import pandas as pd
import sqlite3

def query_brand(filter):
    sql_query = pd.read_sql(f'SELECT * FROM ps_lss_brands WHERE label = {filter}', 
    df = pd.DataFrame(sql_query, columns = ['id_brand', 'label'])
    # print(df["id_brand"][0])

this the error that i get

pandas.errors.DatabaseError: Execution failed on sql ‘SELECT * FROM ps_lss_brands WHERE label=ACURA’: no such column: ACURA

my colunm is label but in the query it is trying to look for an ACURA colunm

Asked By: Lucin Husein



There is an issue in the fourth line.
Please change your SQL query to include quotation marks around the {filter}

Specifically, make your fourth line something like this:

sql_query = pd.read_sql(f"SELECT * FROM ps_lss_brands WHERE label = '{filter}'", 

However, you should try to avoid this altogether, and instead use parameterized queries. This will prevent SQL injection.

Answered By: Ritwik Deshpande
Categories: questions Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.