hydra5252
Reputation: 13
How to escape reserved words in Python and Postgres SQL at the same time?
Here is the code I have:
for x in range(len(un)):
query = 'CREATE TABLE "'+un[x]+'" AS SELECT * FROM public.sample WHERE ticker = +un[x]+'
cursor.execute(query)
The error I am getting:
LINE 1: ...E "AA" AS SELECT * FROM public.sample WHERE ticker = +un[x]+
The query I want to run in PostgreSQL
CREATE TABLE "AA" AS SELECT * FROM public.sample WHERE ticker = 'AA'
Upvotes: 1
Views: 299
Answers (1)
fpietka
Reputation: 1043
You just miss a quote in the query string. Try this:
for x in range(len(un)):
query = 'CREATE TABLE "'+un[x]+'" AS SELECT * FROM public.sample WHERE ticker = \''+un[x]+'\''
cursor.execute(query)
Also consider using parameters, as this query is prone to SQL injection (meaning you could leak or loose your database):
for x in range(len(un)):
query = 'CREATE TABLE %(ticker)s AS SELECT * FROM public.sample WHERE ticker = %(ticker)s'
cursor.execute(query, {"ticker": un[x]})
Upvotes: 1
Related Questions
- Force python to use ' instead of " for strings
- Alternate Postgres syntax for escaping reserved words
- How to exploit Python code escape string for SQLInjection in PostgreSQL
- Python SQL DB string literals and escaping
- How to manually escape SQL literals in Python
- How to escape variable in a postgresql insert query into a python script?
- How to pass apostrophe from python to psql?? 'DatabaseError' object has no attribute 'encode'
- Manually escape a string for raw SQL
- Escaping a whole string in mysql/python
- String escape in SQL statement