Question
What is the correct syntax to use parameters passed through bottle routes in a SQL statement? (tons of code omitted for clarity here, everything works except this)
@route('/sqldynamic/<foo>/<bar>')
def sqlDyanmic(foo, bar):
    db = MySQLdb.connect("127.0.0.1","username","password","database" )
    cursor = db.cursor()
    cursor.execute("SELECT this, that WHERE this > foo AND that like '%bar%';")
    data = cursor.fetchall()
    return str(data)
Solution
Since you're using MySQL:
cursor.execute("SELECT this, that WHERE this > %s AND that like %s;", (foo, bar))
(This is irrespective of Bottle.)
(Also, if you care about SQL injection then you should add some validation.)
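An added example, not part of the original answer: the question's query with both values bound as parameters, the LIKE wildcards placed in the bound value, and the validation the answer mentions. It uses the standard-library sqlite3 module so it runs without a server; sqlite3 takes `?` placeholders where MySQLdb takes `%s`. The table name `items`, the sample rows and the helper names are assumptions.

```python
import sqlite3

def make_db():
    """Build a small in-memory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (this INTEGER, that TEXT)")
    db.executemany(
        "INSERT INTO items (this, that) VALUES (?, ?)",
        [(1, "alpha"), (5, "alphabet"), (9, "beta"),
         (12, "100% alpha"), (15, "it's alpha")],
    )
    return db

def escape_like(term, esc="!"):
    """Escape LIKE metacharacters so user input only matches itself."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search(db, foo, bar):
    """Parameterized form of the question's query.

    foo and bar arrive as strings from the URL, as in the Bottle route.
    """
    # Validation: 'this > foo' is a numeric comparison, so reject
    # anything that is not an integer (int() raises ValueError).
    threshold = int(foo)
    # The surrounding % wildcards belong in the bound value, never in
    # the SQL text; wildcards inside the user's input are escaped.
    pattern = "%" + escape_like(bar) + "%"
    cur = db.execute(
        "SELECT this, that FROM items "
        "WHERE this > ? AND that LIKE ? ESCAPE '!' ORDER BY this",
        (threshold, pattern),
    )
    return cur.fetchall()

if __name__ == "__main__":
    db = make_db()
    print(search(db, "4", "alpha"))   # substring match above the threshold
    print(search(db, "0", "it's"))    # a quote is treated as data
    print(search(db, "0", "%"))       # a literal percent sign, not a wildcard
```

With MySQLdb the same call is `cursor.execute("... WHERE this > %s AND that LIKE %s ESCAPE '!'", (threshold, pattern))`.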