
How To Db.execute In Postgresql Using The Like Operator With Variables Within Flask

I'm trying to get my db.execute to work but encounter a syntax error when using the LIKE operator along with a variable passed in from HTML like so: @app.route('/search', methods=[

Solution 1:

Your library is naively substituting the value for :lookingFor into the middle of an SQL string, and the quoting is not correct for doing that. You could write the query such that the variable doesn't occur inside an SQL string:

isbn LIKE '%'||:lookingFor||'%'

Or, you could programmatically add the '%' to the search string before passing it to the database. The latter option is likely best, because you should also be escaping any % or _ that happen to occur inside the :lookingFor already, so adding the unescaped % before and after would be a natural addition to that task.
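The second option from the answer above, as an added example that is not part of the original answer: the user's `%`, `_` and backslash are escaped, the surrounding `%` are added in Python, and the finished pattern is passed as the bound parameter `:lookingFor`. Assumptions: Python's built-in `sqlite3` stands in for PostgreSQL so the code runs offline (the explicit `ESCAPE '\'` clause is valid in both), and the `books` table, its `title` column, the helper names and the sample rows are constructed for illustration.

```python
import sqlite3

def like_contains(term: str, escape: str = "\\") -> str:
    """Return a 'contains' LIKE pattern with user-supplied wildcards escaped."""
    escaped = (
        term.replace(escape, escape * 2)   # escape the escape character first
            .replace("%", escape + "%")    # literal percent sign
            .replace("_", escape + "_")    # literal underscore
    )
    return "%" + escaped + "%"             # the only live wildcards are ours

# The pattern is a bound parameter; it never appears inside an SQL string literal.
SEARCH_SQL = (
    "SELECT isbn, title FROM books "
    "WHERE isbn LIKE :lookingFor ESCAPE '\\' "
    "   OR title LIKE :lookingFor ESCAPE '\\' "
    "ORDER BY isbn"
)

def search_books(conn, looking_for):
    """Run the search with the escaped pattern bound to :lookingFor."""
    params = {"lookingFor": like_contains(looking_for)}
    return conn.execute(SEARCH_SQL, params).fetchall()

def demo_conn():
    """In-memory table filled with constructed sample rows (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (isbn TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO books VALUES (?, ?)",
        [
            ("0380795272", "100% Wolf"),
            ("1416949658", "snake_case for Beginners"),
            ("0743454553", "Plain Title"),
            ("0316015849", "1000 Wolves"),
        ],
    )
    return conn

if __name__ == "__main__":
    conn = demo_conn()
    for term in ("0380", "0%", "_", "' OR 1=1 --"):
        print(repr(term), "->", search_books(conn, term))
```

Without the escaping step, a search for `0%` would match every row containing a `0`, and a search for `_` would match every non-empty value.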
