The Problem: Building SQL with String Formatting

username = "O'Connor"
# WRONG: this crashes on the single quote and invites SQL injection
cursor.execute(f"SELECT * FROM users WHERE name = '{username}'")

The Fix: Use Parameterized Queries

Use ? as placeholders. SQLite3 handles the escaping and type conversion safely. In this tutorial, “fixed” means passing the values separately from the SQL text, for example with executemany:

cursor.executemany(
    "INSERT INTO users (username, email, age) VALUES (?, ?, ?)",
    users_list
)

Aggregate queries are read back the same way:

import sqlite3

# AVG, MIN, MAX
cursor.execute("SELECT AVG(age), MIN(age), MAX(age) FROM users")
avg_age, min_age, max_age = cursor.fetchone()
print(f"Average age: {avg_age:.2f}, Min: {min_age}, Max: {max_age}")

Use the connection as a context manager so the transaction is handled for you:

with sqlite3.connect('data.db') as conn:
    cursor = conn.cursor()
    # work here
# committed on success, rolled back on error (the connection itself is not closed)

Catch integrity errors instead of letting a duplicate key crash the program:

import sqlite3

try:
    with sqlite3.connect("app.db") as conn:
        cursor = conn.cursor()
        # assumes id 102 already exists, so this raises sqlite3.IntegrityError
        cursor.execute("INSERT INTO users (id, name) VALUES (?, ?)", (102, "Duplicate ID Test"))
except sqlite3.IntegrityError as e:
    print(f"Database error encountered: {e}")
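The following is an added, self-contained example (not code from the original tutorial): it builds an in-memory users table from constructed rows with executemany, runs the "WRONG" formatted lookup and the parameterized lookup against the name O'Connor, and handles the duplicate-id IntegrityError. The table layout, sample users and helper names are assumptions.

```python
import sqlite3

# Constructed sample data (not from the original page).
USERS = [
    (1, "alice", "alice@example.com", 34),
    (2, "O'Connor", "oc@example.com", 41),
]


def build_db():
    """Create an in-memory users table and bulk-load it with executemany."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, age INTEGER)"
    )
    # ? placeholders: sqlite3 binds each tuple, so the apostrophe in O'Connor is stored intact.
    conn.executemany("INSERT INTO users (id, username, email, age) VALUES (?, ?, ?, ?)", USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """The WRONG pattern: the value is pasted into the SQL text, so any apostrophe
    breaks the statement (sqlite3.OperationalError) and the input can rewrite the query."""
    return conn.execute(f"SELECT id FROM users WHERE username = '{username}'").fetchall()


def lookup_safe(conn, username):
    """The fix: a ? placeholder plus a one-element tuple; the value is never parsed as SQL."""
    return conn.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchall()


def unsafe_lookup_fails(conn, username):
    """Return True when the formatted query crashes on this input."""
    try:
        lookup_unsafe(conn, username)
        return False
    except sqlite3.OperationalError:
        return True


def insert_user(conn, user_id, username, email, age):
    """Insert one row; return False instead of crashing when the PRIMARY KEY is taken."""
    try:
        with conn:  # commit on success, rollback on error
            conn.execute("INSERT INTO users (id, username, email, age) VALUES (?, ?, ?, ?)",
                         (user_id, username, email, age))
        return True
    except sqlite3.IntegrityError:
        return False
```

Running `lookup_safe(build_db(), "O'Connor")` returns `[(2,)]`, while the formatted version raises on the same input.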