[Tutor] sqlite: does "?" work in PRAGMA commands?
Terry Carroll
carroll at tjc.com
Thu Aug 2 08:46:20 CEST 2007
I'm using sqlite for the first time, so I'm not sure whether I'm trying to
do something unsupported. or whether I'm trying to do something that's
supported, but doing it wrong.
I want to get information about a table in my database. The variable
tablename holds the name of the table, and self.dbconn.execute is a valid
connection object.
This works:
GET_TABLE_INFO_COMMAND = "PRAGMA TABLE_INFO(%s)"
pragma_cmd = GET_TABLE_INFO_COMMAND % tablename
field_data = self.dbconn.execute(pragma_cmd)
But I'm mindful of the warning ("# Never do this -- insecure!") at
http://docs.python.org/lib/module-sqlite3.html, and I'd like to get into
the habit of doing that; so instead I tried it this way (and many
variations of it):
GET_TABLE_INFO_COMMAND = "PRAGMA TABLE_INFO(?)"
pragma_cmd = GET_TABLE_INFO_COMMAND
field_data = self.dbconn.execute(pragma_cmd, (tablename))
I get the error:
sqlite3.OperationalError: near "?": syntax error
Some of the variations included using "tablename" or "(tablename,)" for
the second parameter; it made no difference.
Does the "?" approach not work with PRAGMA commands or something; or am I
doing this wrong?
More information about the Tutor
mailing list