valar morghulis

Reputation: 141

passing variables in cur.executescript

Currently I have the following code which checks if tablename "Company" exists in the database, and then creates the table with the given fields.

cur.executescript('''
DROP TABLE IF EXISTS Company;
CREATE TABLE Company (
    id     INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
    name VARCHAR2  
)
''')

I want to make this query generic: instead of just using "Company" in my query, I need to take the names from a list. Is it possible to pass a variable in the query instead of passing "Company" as in this example?

Thank you!

Upvotes: 0

Views: 1207

Answers (2)

ElIgo

Reputation: 23

According to SQLInjection, you should use placeholders like:

email = pieces[1]
cur.execute('SELECT count FROM Counts WHERE email = ? ', (email,))

Upvotes: 0

DinoCoderSaurus

Reputation: 6520

It is not possible to pass a variable table name (or column name) to sqlite. (And since executescript takes exactly one argument, it's not possible to pass a variable to executescript).

You could build the query before the execute and pass that variable to executescript.

And of course if you take the table names from a list, it seems likely you will have to take the column names too!

Upvotes: 1
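Both answers combined, as an added example that is not code from either poster: the script is built in Python before `executescript`, each table name from the list is validated and quoted because it cannot be bound, and row values still go through `?` placeholders. The function names and the identifier pattern are assumptions of this example.

```python
import re
import sqlite3

# Assumption of this example: table names are plain ASCII identifiers.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def quote_ident(name):
    """Validate a table name, then return it as a quoted SQLite identifier."""
    if not isinstance(name, str) or not _IDENT.match(name):
        raise ValueError(f"rejected table name: {name!r}")
    return '"' + name.replace('"', '""') + '"'

def build_script(table_names):
    """Build the DROP/CREATE script; any bad name raises before SQL runs."""
    template = (
        "DROP TABLE IF EXISTS {t};\n"
        "CREATE TABLE {t} (\n"
        "    id   INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,\n"
        "    name VARCHAR2\n"
        ");\n"
    )
    return "".join(template.format(t=quote_ident(n)) for n in table_names)

def create_tables(conn, table_names):
    """Run the script and return the user tables now present."""
    conn.executescript(build_script(table_names))
    rows = conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%' ORDER BY name"
    )
    return [r[0] for r in rows]

def add_row(conn, table, value):
    """Identifier is validated and quoted; the value is bound with '?'."""
    cur = conn.execute(
        f"INSERT INTO {quote_ident(table)} (name) VALUES (?)", (value,)
    )
    return cur.lastrowid

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(create_tables(conn, ["Company", "Employee"]))  # constructed names
    print(add_row(conn, "Company", "O'Reilly; DROP TABLE Company"))
    try:
        create_tables(conn, ["Company; DROP TABLE Employee"])
    except ValueError as err:
        print(err)
```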
