Python 3 sqlite parameterized SQL-query
Never fill in raw entries in your sql command, this is calling for sql injection attacks.
Use the built-in fill-in function.
sql = "select exists(SELECT * from USERS where PASSWORD = ? AND USERNAME = ?)"args = (var1,var2)cursor = database_connection.execute(sql, args)