%s WHERE url = %s''', (host, lastvisit, filename) )
There are (single) quotes missing around (at least) the file name (the 'url' column) which I'm rather sure is a string - you need them around all strings you use in SQL statements.
I don't know which database and interface you're using but I would guess that many have the ability to inserting quotes where neces- sary etc. E.g. with sqlite3 you would use
cur.execute('UPDATE files SET hits = hits + 1, host = ?, lastvisit = ? ' 'WHERE url = ?', (host, lastvisit, filename) )
and the quotes required around (at least) the 'filename' string will be inserted automatically.
Also take care to check the filename you insert - a malicous user might cobble together a file name that is actually a SQL statement and then do nasty things to your database. I.e. never insert values you received from a user without checking them.
> For some reason this never return any data, because for troubleshooting
> i have tried:
> data = cur.fetchone()
There's nothing that your SQL statement (if correct) would return, so what do you expect to have returned by the fetchone() method?
Perhaps there's something like the 'rowcount' property in sqlite3 which returns the number of rows modified by an INSERT or UPDATE.
> Since for sure the filename the user selected is represented by a record
> inside 'files' table why its corresponding counter never seems to get
I would guess because you forgot the uotes around string values in your SQL statement which thus wasn't executed.