Update Mysql

app.py

@@ -125,8 +125,8 @@ def score():
     password = data.get("password")
     result = evaluator.score_candid(candid)
     score = result["score"]
-    query = f"Update score = {score} from users where Email = {email} and password = {password}"
-    db.cursor_MS.execute(query)
+    query = f"Update score = %s from users where Email = %s and password = %s"
+    db.cursor_MS.execute(query,(score,email,password))
     db.connection_MS.commit()
     db.close_MS()
     return jsonify(result)
@@ -163,9 +163,9 @@ def login_u():
     data = request.get_json()
     email = data.get("email")
     password = data.get("pass")
-    query = f"SELECT * FROM users WHERE email = {email} AND password = {password}"
+    query = f"SELECT * FROM users WHERE email = %s AND password = %s"
 
-    result = db.cursor_MS.execute(query).fetchone()
+    result = db.cursor_MS.execute(query,(email,password)).fetchone()
     db.close_MS()
     if result:
         return jsonify({"user": "True"})
@@ -178,9 +178,9 @@ def login_o():
     data = request.get_json()
     email = data.get("email")
     password = data.get("pass")
-    query = f"SELECT * FROM org WHERE email = {email} AND password = {password}"
+    query = f"SELECT * FROM org WHERE email = %s AND password = %s"
 
-    result = db.cursor_MS.execute(query).fetchone()
+    result = db.cursor_MS.execute(query,(email,password)).fetchone()
     db.close_MS()
     if result:
         return jsonify({"user": "True"})