curious paramstyle qmark behavior

Jean-Paul Calderone exarkun at divmod.com
Fri Oct 20 22:28:20 CEST 2006


On 20 Oct 2006 13:06:58 -0700, BartlebyScrivener <rpdooling at gmail.com> wrote:
>With
>
>aColumn = "Topics.Topic1"'
>
>The first statement "works" in the sense that it finds a number of
>matching rows.
>
>c.execute ("SELECT Author, Quote, ID, Topics.Topic1, Topic2 FROM
>QUOTES7 WHERE " + aColumn + " LIKE ?", ("%" + sys.argv[1] + "%",))
>
>I've tried about 20 different variations on this next one. And it finds
>0 records no matter what I do. Is there some violation when I use two
>qmarks?
>
>c.execute ("SELECT Author, Quote, ID, Topics.Topic1, Topic2 FROM
>QUOTES7 WHERE ? LIKE ?", (aColumn, "%" + sys.argv[1] + "%"))
>
>I'm using mx.ODBC and Python 2.4.3 to connect to an MS Access DB.

Bind parameters aren't a general interpolation mechanism.  Typically,
you cannot use them with database, table, or column names.  Likewise,
this won't work:

execute("SELECT foo ? bar WHERE baz", ("FROM",))

The rule is difficult to express simply (at least, I have never seen
it expressed simply), but it goes something like "bind parameters only
work on values, not schema elements or syntactic constructs".

Jean-Paul



More information about the Python-list mailing list