Python Fixed - Sqlite3 Tutorial Query

# SQL string literals take single quotes; double quotes denote identifiers
cursor.execute("DELETE FROM characters WHERE name = 'Rogue'")
conn.commit()

# Danger: Vulnerable to SQL injection and breaks if name contains quotes (e.g., O'Connor)
user_name = "O'Connor"
cursor.execute(f"SELECT * FROM users WHERE name = '{user_name}'")

The Fixed Way (Use Placeholders)

# The ? placeholder binds the value separately from the SQL text,
# so quotes in the value need no manual escaping
search_name = "O'Connor"
cursor.execute('SELECT * FROM users WHERE name = ?', (search_name,))
rows = cursor.fetchall()

Let's insert some sample data into the users table:

return rows_deleted

for row in rows:
    print(row)

# Close connection
conn.close()
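The difference between the two query styles above, run end to end against an in-memory database. This is an added example, not code from the original tutorial; the `users` schema, the sample rows and the `demo` function name are assumptions made for illustration.

```python
import sqlite3


def demo():
    """Run the unsafe and the parameterized lookup against the same row."""
    conn = sqlite3.connect(":memory:")  # throwaway in-memory database
    cursor = conn.cursor()
    cursor.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    # Constructed sample rows; executemany binds each tuple to the ? slot.
    cursor.executemany("INSERT INTO users (name) VALUES (?)",
                       [("O'Connor",), ("Rogue",), ("Alice",)])
    conn.commit()

    user_name = "O'Connor"

    # Unsafe: the value becomes part of the SQL text, so its quote ends the
    # string literal early and the statement no longer parses.
    try:
        cursor.execute(f"SELECT * FROM users WHERE name = '{user_name}'")
        unsafe_result = cursor.fetchall()
    except sqlite3.OperationalError as exc:
        unsafe_result = f"OperationalError: {exc}"

    # Fixed: the SQL text is constant and the value is bound separately.
    cursor.execute("SELECT * FROM users WHERE name = ?", (user_name,))
    safe_rows = cursor.fetchall()

    # Parameterized DELETE; rowcount reports how many rows were removed.
    cursor.execute("DELETE FROM users WHERE name = ?", ("Rogue",))
    rows_deleted = cursor.rowcount
    conn.commit()

    remaining = cursor.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    conn.close()
    return unsafe_result, safe_rows, rows_deleted, remaining


if __name__ == "__main__":
    unsafe_result, safe_rows, rows_deleted, remaining = demo()
    print("f-string query :", unsafe_result)
    print("placeholder    :", safe_rows)
    print("rows deleted   :", rows_deleted, "| remaining:", remaining)
```

The f-string query fails on the apostrophe alone, which is the same mechanism that lets crafted input rewrite the statement; the placeholder version treats the whole value as data.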