Update Table
You can update existing records in a table by using the “UPDATE” statement:
Example
Overwrite the address column from “Valley 345” to “Canyoun 123”:
import mysql.connector
mydb = mysql.connector.connect(
host=”localhost”,
user=”yourusername“,
password=”yourpassword“,
database=”mydatabase”
)
mycursor = mydb.cursor()
sql = “UPDATE customers SET address = ‘Canyon 123’ WHERE address = ‘Valley 345′”
mycursor.execute(sql)
mydb.commit()
print(mycursor.rowcount, “record(s) affected”)
Output:
C:\Users\My Name>python demo_mysql_update.py
1 record(s) affected
Important!: Notice the statement: mydb.commit()
. It is required to make the changes, otherwise no changes are made to the table.
Notice the WHERE clause in the UPDATE syntax: The WHERE clause specifies which record or records that should be updated. If you omit the WHERE clause, all records will be updated!
Prevent SQL Injection
It is considered a good practice to escape the values of any query, also in update statements.
This is to prevent SQL injections, which is a common web hacking technique to destroy or misuse your database.
The mysql.connector module uses the placeholder %s
to escape values in the delete statement:
Example
Escape values by using the placholder %s
method:
import mysql.connector
mydb = mysql.connector.connect(
host=”localhost”,
user=”yourusername“,
password=”yourpassword“,
database=”mydatabase”
)
mycursor = mydb.cursor()
sql = “UPDATE customers SET address = %s WHERE address = %s”
val = (“Valley 345”, “Canyon 123”)
mycursor.execute(sql, val)
mydb.commit()
print(mycursor.rowcount, “record(s) affected”)
Output:
C:\Users\My Name>python demo_mysql_update_escape.py
1 record(s) affected