From ec7ff3e3e1fd491fb5c7c10f455c26d52b8ba6fa Mon Sep 17 00:00:00 2001
From: Jonathan Ervine
Date: Fri, 11 Dec 2020 09:55:29 +0800
Subject: [PATCH] define vars before SQL statement
---
routes/_convenor.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/routes/_convenor.py b/routes/_convenor.py
index 18ba5b8..a3970bc 100644
--- a/routes/_convenor.py
+++ b/routes/_convenor.py
@@ -33,10 +33,11 @@ def convenorAddClub():
 @routes.route('/convenor/clubAddResult', methods=['POST'])
 def convenorAddClubResult():
- club_lookup = "SELECT club FROM _clubTeams WHERE club='" + _club + "' GROUP BY club"
- club_create = "INSERT INTO _clubTeams (club, team) VALUES ('" + _club + "', 'A')"
 try:
 _club = request.form['clubName']
+ club_lookup = "SELECT club FROM _clubTeams WHERE club='" + _club + "' GROUP BY club"
+ club_create = "INSERT INTO _clubTeams (club, team) VALUES ('" + _club + "', 'A')"
+
 # validate that this data has been entered
 if _club and request.method == 'POST':
 clubExist = sql_read(club_lookup)
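Review bot: The relocated `club_lookup` and `club_create` strings still concatenate `request.form['clubName']` directly into the SQL text, so the form value is interpreted as part of the statement rather than as data; moving the assignment fixes the use-before-definition but leaves the injection risk in place. The value should be passed as a bound parameter, e.g. `club_lookup = "SELECT club FROM _clubTeams WHERE club=%s GROUP BY club"` with `(_club,)` supplied separately. The placeholder style depends on the database driver, and `sql_read` is defined outside this hunk, so it may need to be extended to accept parameters. Both strings are also built before the `if _club` check; building them after validation would keep the empty-name case from ever producing a query. The body of `convenorAddClubResult` continues past the end of the hunk, so the write path that consumes `club_create` needs the same treatment.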