Just_Some_Guy
Reputation: 330
psycopg2 passing in table name
I have the following query
table = "#temp_table"
cursor.execute("""select * from %s as a """, (table))
I keep getting a syntax error at the from stement. Why will this not work?
Upvotes: 2
Views: 2306
Answers (1)
Maciej Gol
Reputation: 15854
You are receiving this error because the arguments passed into the second argument, (table) (which really should be (table,)), are escaped in the SQL statement that is run.
In this example, the select * from %s as a is transformed into select * from '#temp_table' as a which is an error. To correctly insert a table name, you need to format the SQL statement string directly like so:
query = 'select * from "{}" as a'.format(table)
cursor.execute(query)
You should be very careful about what data you insert into the query this way because it's highly susceptible to SQL-injection exploits. Do not use this with untrusted data.
Upvotes: 2
Related Questions
- Passing table name as a parameter in psycopg2
- Unable to Pass in Table Name for Query psycopg2
- String table name not working in a query with psycopg2
- psycopg2 cursor.execute() pass in variable table names and items
- psycopg2 table name as a parameter fails with double quotes
- psycopg2 use column names instead of column number to get row data
- Passing table name as a parameter in psycopg2, relation does not exist for a public table
- How to pass parameterized statements with values and table names to Psycopg2?
- how to pass column name as parameter in psycopg2?
- pass table name as parameter in postgres via python