Problem with MySQL cursor

Carsten Haese carsten at uniqsys.com
Thu Oct 11 15:42:10 CEST 2007


On Thu, 2007-10-11 at 15:14 +0200, Florian Lindner wrote:
> Hello,
> I have a function that executes a SQL statement with MySQLdb:
> 
> def executeSQL(sql,  *args):
>     print sql % args
>     cursor = conn.cursor()
>     cursor.execute(sql, args)
>     cursor.close()
> 
> it's called like that:
> 
>     sql = "INSERT INTO %s (%s) VALUES (%s)"
>     executeSQL(sql,  DOMAIN_TABLE, DOMAIN_FIELD, domainname)

You can't use parameter binding to substitute table names and column
names, or any other syntax element, into a query. You can only bind
parameters in places where a literal value would be allowed (more or
less, the real rules are more complicated, but this rule of thumb gets
you close enough). You have to construct the query string like this, for
example:

sql = "INSERT INTO "+DOMAIN_TABLE+"("+DOMAIN_FIELD+") VALUES (%s)"
executeSQL(sql, domainname)

HTH,

-- 
Carsten Haese
http://informixdb.sourceforge.net





More information about the Python-list mailing list