limeThyme limeThyme - 2 months ago 6
MySQL Question

can't get proper record response from mysql

I am trying to get a single table record from mysql and print a simple 'OK' if I succeed. Below is the method where I defined the check of the entry from signup.html page.

@app.route('/signUp', methods=["POST"])
def signUp():
#check values received from the UI input by users
username = request.form['inputUserName']
email = request.form['inputEmail']
password = request.form['inputPassword']

cursor = mysql.get_db().cursor()
cursor.execute("SELECT userName FROM user WHERE userName='username'")
data = cursor.fetchone()
if data is None:
return "User doesn't exist"
else:
return "OK"


I have one record in my table, 'admin' and when i try inputting it on my signup.html page and calling the method from the above, it never goes to the 'else' statement of the if loop, it always returns 'User doesn't exist'.

Can someone help out? Not sure, what I am doing wrong, only recently started teaching myself web development so please bear with me.

Also, any tips on the approach I am trying are also welcome, for example, is the way I am trying to handle this register feature bad for some reason?

Thanks in advance.

Answer

You're selecting a user with the username 'username' right now, you've hard coded it into the query. Pass a parameter instead.

cursor.execute('select id from user where username = %s', [username])
Comments