Loading lesson path
Concept visual
Start at both ends
When selecting records from a table, you can filter the selection by using the "WHERE" statement:
Select record(s) where the address is "Park Lane 38": result:
Formula
import mysql.connector mydb = mysql.connector.connect(host="localhost", user=" yourusername ", password=" yourpassword ", database="mydatabase" ) mycursor = mydb.cursor()
sql = "SELECT * FROM customers WHERE address ='Park Lane
38'"
mycursor.execute(sql)Formula
myresult = mycursor.fetchall()
for x in myresult:print(x)You can also select the records that starts, includes, or ends with a given letter or phrase.
% to represent wildcard characters:
Select records where the address contains the word "way":
Formula
import mysql.connector mydb = mysql.connector.connect(host="localhost", user=" yourusername ", password=" yourpassword ", database="mydatabase" )
Formula
mycursor = mydb.cursor()sql = "SELECT * FROM customers WHERE address
LIKE '%way%'"
mycursor.execute(sql)Formula
myresult = mycursor.fetchall()
for x in myresult:print(x)When query values are provided by the user, you should escape the values. This is to prevent SQL injections, which is a common web hacking technique to destroy or misuse your database. The mysql.connector module has methods to escape query values:
%s method:
Formula
import mysql.connector mydb = mysql.connector.connect(host="localhost", user=" yourusername ", password=" yourpassword ", database="mydatabase" )
Formula
mycursor = mydb.cursor()sql = "SELECT * FROM customers WHERE
address = %s"Formula
adr = ("Yellow Garden 2", )mycursor.execute(sql, adr)
Formula
myresult = mycursor.fetchall()
for x in myresult:print(x)