In Python I want to select a specific value from a dynamic column and wonder if I can do that using a parameterized statement without using SQLAlchemy. The one below gives me the variable output, not the content of the cell in SQL. If I replace the variable ":map_scenario" after the "select" and make it static, it gives me the value from the cell, so it has to have something to do with the variable usage here:
self.c.execute("select :map_scenario FROM map_config WHERE map_alias=:sqlmap_alias", {'map_scenario': val_gamemode, 'sqlmap_alias': val_map_alias_result})
Any ideas as to where I have a wrong concept are highly appreciated. Searching didn't give me a hint, although I tried it with the masking "?" and "%s" - all the same?
Guess SQL doesn't support this kind of injection, so I would have to build the query before I send it for execution, right?
Upvotes: 1
Views: 549
Got it, had to create the SQL statement outside the query and then put it in:
val_map_alias_result = (str(val_map_alias[0]))
query = ("select " + val_gamemode + " FROM map_config WHERE map_alias=:sqlmap_alias")
That works perfectly.
Upvotes: 1
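An added example, not part of the original posts: placeholders bind values only, never identifiers, so the column name has to be interpolated, and concatenating `val_gamemode` unchecked lets any value that reaches it rewrite the statement. The sketch below assumes the standard-library `sqlite3` driver (suggested by the `:name` placeholders) and constructed sample columns `conquest` and `rush`; the helper names are hypothetical.

```python
import sqlite3

TABLE = "map_config"  # fixed in code, never taken from input

def allowed_columns(conn):
    """Column names that really exist in the table, read from the schema."""
    rows = conn.execute(f'PRAGMA table_info("{TABLE}")').fetchall()
    return {row[1] for row in rows} - {"map_alias"}

def select_scenario(conn, gamemode, map_alias):
    """Dynamic column via allowlist, row value via bound parameter."""
    if gamemode not in allowed_columns(conn):
        raise ValueError(f"unknown scenario column: {gamemode!r}")
    # The identifier is now known to be a real column; quote it anyway.
    column = '"' + gamemode.replace('"', '""') + '"'
    query = f"SELECT {column} FROM {TABLE} WHERE map_alias = :sqlmap_alias"
    row = conn.execute(query, {"sqlmap_alias": map_alias}).fetchone()
    return row[0] if row else None

def select_scenario_bound(conn, gamemode, map_alias):
    """The question's form: the column name is bound as a string value,
    so the database returns that string, not the cell content."""
    row = conn.execute(
        f"SELECT :map_scenario FROM {TABLE} WHERE map_alias = :sqlmap_alias",
        {"map_scenario": gamemode, "sqlmap_alias": map_alias},
    ).fetchone()
    return row[0] if row else None

def demo_connection():
    """Constructed sample data; column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE map_config "
        "(map_alias TEXT PRIMARY KEY, conquest TEXT, rush TEXT)"
    )
    conn.execute(
        "INSERT INTO map_config VALUES ('metro', 'metro_cq_64', 'metro_rush_32')"
    )
    return conn

if __name__ == "__main__":
    conn = demo_connection()
    print(select_scenario_bound(conn, "conquest", "metro"))  # the bound string
    print(select_scenario(conn, "conquest", "metro"))        # the cell content
    try:
        select_scenario(conn, "conquest FROM map_config; --", "metro")
    except ValueError as exc:
        print("rejected:", exc)
```
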