Code Room
Code reviewHard
Question
Review this Python user-search endpoint using parameterized SQL.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
@app.route('/admin/users/search')@require_admindef search_users(): term = request.args.get('q', '') conn = get_db() cur = conn.cursor() pattern = '%' + term + '%' cur.execute( "SELECT id, email FROM users WHERE email LIKE %s ORDER BY email LIMIT 50", (pattern,), ) rows = cur.fetchall() return jsonify([{'id': r[0], 'email': r[1]} for r in rows])Run or narrate your approach, then ask the coach.