Problem with MySQL cursor

Carsten Haese carsten at
Thu Oct 11 15:42:10 CEST 2007

On Thu, 2007-10-11 at 15:14 +0200, Florian Lindner wrote:
> Hello,
> I have a function that executes a SQL statement with MySQLdb:
> def executeSQL(sql,  *args):
>     print sql % args
>     cursor = conn.cursor()
>     cursor.execute(sql, args)
>     cursor.close()
> it's called like that:
>     sql = "INSERT INTO %s (%s) VALUES (%s)"
>     executeSQL(sql,  DOMAIN_TABLE, DOMAIN_FIELD, domainname)

You can't use parameter binding to substitute table names and column
names, or any other syntax element, into a query. You can only bind
parameters in places where a literal value would be allowed (more or
less, the real rules are more complicated, but this rule of thumb gets
you close enough). You have to construct the query string like this, for

executeSQL(sql, domainname)


Carsten Haese

More information about the Python-list mailing list