Problem with MySQL cursor
Carsten Haese
carsten at uniqsys.com
Thu Oct 11 09:42:10 EDT 2007
On Thu, 2007-10-11 at 15:14 +0200, Florian Lindner wrote:
> Hello,
> I have a function that executes a SQL statement with MySQLdb:
>
> def executeSQL(sql, *args):
> print sql % args
> cursor = conn.cursor()
> cursor.execute(sql, args)
> cursor.close()
>
> it's called like that:
>
> sql = "INSERT INTO %s (%s) VALUES (%s)"
> executeSQL(sql, DOMAIN_TABLE, DOMAIN_FIELD, domainname)
You can't use parameter binding to substitute table names and column
names, or any other syntax element, into a query. You can only bind
parameters in places where a literal value would be allowed (more or
less, the real rules are more complicated, but this rule of thumb gets
you close enough). You have to construct the query string like this, for
example:
sql = "INSERT INTO "+DOMAIN_TABLE+"("+DOMAIN_FIELD+") VALUES (%s)"
executeSQL(sql, domainname)
HTH,
--
Carsten Haese
http://informixdb.sourceforge.net
More information about the Python-list
mailing list