SQL & Databases

INSERT, UPDATE & DELETE (safely)

Reading is half the job; you also change data. The three write statements:

INSERT INTO products (name, stock) VALUES (?, ?);
UPDATE products SET stock = stock + ? WHERE name = ?;
DELETE FROM products WHERE stock = 0;

Always pass values as ? parameters, never by formatting strings. "... name = '" + name + "'" is the door to SQL injection: a name like x'; DROP TABLE products;-- would run as code. With ? the value is only ever data. After writing, call con.commit().

Write restock(con, name, amount) that adds amount to the stock of the product called name (parameterized UPDATE + commit), then returns that product's new stock. Press Run.

Your turn

Write restock(con, name, amount) that runs a parameterized UPDATE products SET stock = stock + ? WHERE name = ?, commits, and returns the product's new stock (query it back). Use ? placeholders so a quote in name can never break the query.

Spotted a problem in this lesson? Report it

Code · runs in your browser

Output

Back Next lesson

INSERT, UPDATE & DELETE (safely)

This lesson is locked

Best on a laptop