how can i send a parameter to a query this is my code
import pandas as pd
import sqlite3
def query_brand(filter):
sql_query = pd.read_sql(f'SELECT * FROM ps_lss_brands WHERE label = {filter}',
self.conn_brand)
df = pd.DataFrame(sql_query, columns = ['id_brand', 'label'])
# print(df["id_brand"][0])
print(df)
query_brand("ACURA")
this the error that i get
pandas.errors.DatabaseError: Execution failed on sql ‘SELECT * FROM ps_lss_brands WHERE label=ACURA’: no such column: ACURA
my colunm is label but in the query it is trying to look for an ACURA colunm
>Solution :
There is an issue in the fourth line.
Please change your SQL query to include quotation marks around the {filter}
Specifically, make your fourth line something like this:
sql_query = pd.read_sql(f"SELECT * FROM ps_lss_brands WHERE label = '{filter}'",
self.conn_brand)
However, you should try to avoid this altogether, and instead use parameterized queries. This will prevent SQL injection.