(1, 'John Doe', 'john@example.com') (2, 'Jane Doe', 'jane@example.com') To avoid SQL injection attacks, use parameterized queries. Instead of concatenating user input into your SQL query, pass it as a parameter:
# Print the results for row in results: print(row) This will print:
# Print the results for row in results: print(row) This will print: sqlite3 tutorial query python fixed
.exit Now, let's connect to the database using Python's sqlite3 module:
import sqlite3
CREATE TABLE users ( id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL ); Insert some data:
INSERT INTO users (name, email) VALUES ('John Doe', 'john@example.com'); INSERT INTO users (name, email) VALUES ('Jane Doe', 'jane@example.com'); Exit the sqlite3 shell: (1, 'John Doe', 'john@example
# Connect to the database conn = sqlite3.connect('example.db') cursor = conn.cursor() To execute a query, use the execute() method: