My doubts list is [['a','b','This is a sentence']]
My HTML (Jinja) is
{% for x in doubts %} {{ x }} {% endfor %}
My Flask is :-
    connection = mysql.connector.connect(host='127.0.0.1',database='wizlearn',user='root',password='pokemon2345')
    cursor = connection.cursor(buffered=True)
    login = session['login']
    admission_no = login[4]
    cursor.execute('SELECT * FROM doubts WHERE student = {0}'.format(admission_no))
    result = json.dumps(list(cursor.fetchall()))
    app.logger.debug(result)
    cursor.close()
    connection.close()
    return render_template('doubt_history.html', doubts=result)
x is giving a,b,T,h,i,s,i,s,a,s,e,n,t,e,n,c,e
[Each char one iteration]
I expected a,b, This is a sentence. [Only one iteration]
How do I resolve this? Thanks in advance!
Answer
You have dumped the output to json for some reason. Don’t do that. Pass the value of cursor.fetchall() directly to the template.
Also, never ever pass user input – or any data – directly into an SQL query via string interpolation; this opens you to SQL injection attacks. Always use parameters:
cursor.execute('SELECT * FROM doubts WHERE student = %s', (admission_no,))
(You haven’t said what db you are using, if you are using sqlite you will need to use ? instead of %s there.)
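Both points from the answer, as an added example that is not part of the original post: it shows why the template loop saw one character per iteration, and how the formatted query differs from the parameterized one. It assumes an in-memory sqlite3 database in place of MySQL so it runs stand-alone (hence `?` rather than `%s`); the table columns, sample rows and helper names are constructed for illustration.

```python
import json
import sqlite3

def make_db():
    # Constructed sample data: in-memory stand-in for the page's `doubts` table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE doubts (student INTEGER, subject TEXT, doubt TEXT)")
    conn.executemany(
        "INSERT INTO doubts VALUES (?, ?, ?)",
        [(1001, "a", "This is a sentence"), (1002, "b", "Another student's doubt")],
    )
    return conn

def doubts_formatted(conn, admission_no):
    # Pattern from the question: the value becomes part of the SQL text itself.
    sql = "SELECT * FROM doubts WHERE student = {0}".format(admission_no)
    return conn.execute(sql).fetchall()

def doubts_parameterized(conn, admission_no):
    # Pattern from the answer: the value is bound as data.
    # Note the one-element tuple: (admission_no,) and not (admission_no).
    return conn.execute(
        "SELECT * FROM doubts WHERE student = ?", (admission_no,)
    ).fetchall()

def template_items(value):
    # Mimics what `{% for x in doubts %}` sees: one item per iteration.
    return [x for x in value]

if __name__ == "__main__":
    conn = make_db()
    rows = doubts_parameterized(conn, 1001)
    print(template_items(rows))                   # one item per row
    print(template_items(json.dumps(rows))[:5])   # one item per character
    crafted = "1001 OR 1=1"  # constructed value that is not a plain number
    print(len(doubts_formatted(conn, crafted)))       # filter is bypassed
    print(len(doubts_parameterized(conn, crafted)))   # treated as a literal value
```
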