adding a dynamic table name in python

Question

In the given query I am trying to take table name as input from user:

import MySQLdb
import csv
conn=MySQLdb.connect("localhost","root","","graphdata")

c=conn.cursor()
a= raw_input("Enter the table name")
sql='''SELECT distinct sku FROM %s_management'''
c.execute(sql,str(a))
rows=c.fetchall()

file=open('mine.csv','a+')

for eachRow in rows:
    print eachRow
    a=eachRow
    file.write(str(a)+"\n")

file.close()

what I wanted was that the compiler should as

Enter table name:

I should enter the table name

Enter table name: inventory

it should get concatenated in the query:

sql='''SELECT distinct sku FROM inventory_management'''

but up until now I have gotten these errors:

 c.execute(sql,str(a))
  File "C:\Python27\lib\site-packages\MySQLdb\cursors.py", line 198, in execute
    query = query % args
TypeError: not all arguments converted during string formatting


  File "change.py", line 7, in <module>
    sql='''SELECT distinct sku FROM %s'''(a)
TypeError: 'str' object is not callable


    c.execute("SELECT distinct sku FROM %s_management")(a)
  File "C:\Python27\lib\site-packages\MySQLdb\cursors.py", line 219, in execute
    self.errorhandler(self, exc, value)
  File "C:\Python27\lib\site-packages\MySQLdb\connections.py", line 38, in defau
lterrorhandler
    raise errorvalue
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax
; check the manual that corresponds to your MySQL server version for the right s
yntax to use near '%s_management' at line 1")

Answer 1

Use format() of string

>>> sql='SELECT distinct sku FROM {}_management'.format(a)
>>> sql
>>> 'SELECT distinct sku FROM inventory_management'

Then you just pass your query to the cursor:

c.execute(sql)

Answer 2

I don't recommend this because of security issues it brings with it, but you can do this instead -

c.execute(sql % str(a))

Or use any other kind of string formatter in python to change the table name.