How to Prevent SQL Injection When Using Delete Statements in Python MySQL

In this example we will show how to prevent SQL injection when using delete statements in Python MySQL.

Source Code

import mysql.connector

mydb = mysql.connector.connect(
    host="localhost",
    port=3306,
    user="yourusername",
    password="yourpassword",
    db="mydatabase"
)

mycursor = mydb.cursor()

sql = "DELETE FROM us_state WHERE Capital = %s"
capital = ('Denver', )

mycursor.execute(sql, capital)

mydb.commit()

print(mycursor.rowcount, "record was deleted.")

# close the connection
mydb.close()

Output:

1 record was deleted.