Complete the code to safely execute a SQL query using Flask and SQLite.
cursor.execute("SELECT * FROM users WHERE username = ?", ([1],))
Using parameterized queries with placeholders like ? and passing the user input as a tuple prevents SQL injection.
Complete the code to fetch the first result safely after executing a parameterized query.
result = cursor.[1]()
execute() instead of a fetch method.
fetchall() when only one result is needed.
fetchone() retrieves the first row of the query result safely.
Fix the error in the code to prevent SQL injection when inserting data.
cursor.execute("INSERT INTO users (username, password) VALUES ([1], [2])", (username, password))
Use ? placeholders without quotes and separate them by commas to safely insert parameters.
Fill both blanks to create a safe SELECT query with named placeholders in Flask.
cursor.execute("SELECT * FROM users WHERE email = [1]", [2])
Named placeholders like :email are used in the query string, and a dictionary with the key 'email' maps to the variable email.
Fill all three blanks to safely update a user's password using parameterized queries.
cursor.execute("UPDATE users SET password = [1] WHERE username = [2]", ([3], username))
Use positional placeholders ? for both parameters and pass the new password variable in the tuple.