I am trying to get a single table record from MySQL and print a simple 'OK' if I succeed. Below is the method where I defined the check of the entry from the signup.html page.

    # check values received from the UI input by users
    username = request.form['inputUserName']
    email = request.form['inputEmail']
    password = request.form['inputPassword']
    cursor = mysql.get_db().cursor()
    cursor.execute("SELECT userName FROM user WHERE userName='username'")
    data = cursor.fetchone()
    if data is None:
        return "User doesn't exist"

You're selecting a user with the username 'username' right now; you've hard-coded it into the query. Pass a parameter instead.

    cursor.execute('select id from user where username = %s', [username])
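
The difference between the two queries, as an added example that is not part of the original answer. It assumes Python's built-in sqlite3 in place of MySQL so it runs offline (sqlite3's placeholder is `?` where the MySQL driver in the answer uses `%s`); the helper names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names follow the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, userName TEXT UNIQUE)")
    conn.executemany("INSERT INTO user (userName) VALUES (?)",
                     [("alice",), ("o'brien",)])
    return conn


def lookup_hardcoded(conn, username):
    # Query from the question: 'username' inside the SQL text is a string
    # literal, so the Python variable of the same name is never consulted.
    cur = conn.execute("SELECT userName FROM user WHERE userName='username'")
    return cur.fetchone()


def lookup_parameterized(conn, username):
    # Form from the answer: the driver binds the value separately from the
    # SQL text, so quotes in the input stay data and need no escaping.
    cur = conn.execute("SELECT id FROM user WHERE userName = ?", [username])
    return cur.fetchone()


def check_user(conn, username):
    # Hypothetical wrapper returning the two messages the question wants.
    if lookup_parameterized(conn, username) is None:
        return "User doesn't exist"
    return "OK"


if __name__ == "__main__":
    conn = make_db()
    for name in ("alice", "o'brien", "mallory"):
        print(name, lookup_hardcoded(conn, name), check_user(conn, name))
```

The hard-coded query returns no row for every input because no user is literally named `username`, while the bound query finds both existing users, including the one whose name contains an apostrophe.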