On Thu, Oct 22, 2020 at 8:12 PM Hans Ginzel <hans@matfyz.cz> wrote:
Hello,
consider this snippet please
cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');") SyntaxError: f-string: empty expression not allowed
It is (absolutely) correct to insert empty json into database table field. Empty expression in f-string should * (silently) expand as '{}' (opening and closing braces), * generate a (compile time) warning if requested, e.g. with -W.
My recommendation here would be to separate the part where you insert a table name from the rest of the statement: cursor.execute(f"INSERT INTO {table} " "VALUES (1, '{}')") That way, you aren't at risk of SQL injection in the rest of the statement, and you have a very clear separation saying "hey this bit is doing something really unusual and using interpolation in SQL". ChrisA