0

Currently I have the following code which checks if tablename "Company" exists in the database, and then creates the table with the given fields.

cur.executescript('''
DROP TABLE IF EXISTS Company;
CREATE TABLE Company (
    id     INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
    name VARCHAR2  
)
''')

I want to make this query generic: instead of just using "Company" in my query, I need to take the names from a list. Is it possible to pass a variable in the query instead of passing "Company" in this example?

Thank you!

1
  • Did you try cur.executescript('''... IF EXISTS %s; CREATE ...''' % my_variable)? Commented Oct 17, 2018 at 5:30

2 Answers 2

1

It is not possible to pass a variable table name (or column name) to sqlite. (And since executescript takes exactly one argument, it's not possible to pass a variable to executescript).

You could build the query before the execute and pass that variable to executescript.

And of course if you take the table names from a list, it seems likely you will have to take the column names too!


1 Comment

Yes, that's how you need to do it, but be careful about where the variables for this come from, as you risk SQL injection.
0

According to SQLInjection, you should use placeholders like

email = pieces[1]
cur.execute('SELECT count FROM Counts WHERE email = ? ', (email,))
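
Added example, not code from either answer: since SQLite placeholders bind values but not table or column names, this sketch validates each name from the list against a strict pattern before building the DDL, and keeps `?` for the data. The helper names (`quote_ident`, `recreate_table`, `demo`), the identifier rule, the allowed column types and the sample names are assumptions made for illustration.

```python
import re
import sqlite3

# Conservative identifier rule (an assumption of this example): ASCII letter or
# underscore first, then letters, digits or underscores, at most 64 characters.
_IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}\Z")
_ALLOWED_TYPES = {"INTEGER", "TEXT", "REAL", "BLOB", "NUMERIC"}


def quote_ident(name):
    """Validate a table/column name and return it double-quoted for SQLite."""
    if not isinstance(name, str) or not _IDENT_RE.match(name):
        raise ValueError(f"rejected identifier: {name!r}")
    if name.lower().startswith("sqlite_"):
        raise ValueError(f"reserved prefix: {name!r}")
    return '"' + name + '"'  # validation guarantees no embedded quotes


def recreate_table(cur, table, columns):
    """Drop and recreate `table`; `columns` is a list of (name, type) pairs."""
    tbl = quote_ident(table)
    col_defs = ["id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE"]
    for col, col_type in columns:
        if col_type.upper() not in _ALLOWED_TYPES:
            raise ValueError(f"rejected column type: {col_type!r}")
        col_defs.append(f"{quote_ident(col)} {col_type.upper()}")
    cur.execute(f"DROP TABLE IF EXISTS {tbl}")
    cur.execute(f"CREATE TABLE {tbl} ({', '.join(col_defs)})")


def demo():
    """Create tables from a constructed list, then insert a value via '?'."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    created, rejected = [], []
    # Constructed sample input; the last entry simulates a hostile name.
    for name in ["Company", "Employee", "x; DROP TABLE Company; --"]:
        try:
            recreate_table(cur, name, [("name", "TEXT")])
            created.append(name)
        except ValueError:
            rejected.append(name)
    # Values (unlike identifiers) are bound with placeholders.
    cur.execute('INSERT INTO "Company" (name) VALUES (?)', ("O'Reilly & Sons",))
    rows = cur.execute('SELECT name FROM "Company"').fetchall()
    tables = sorted(r[0] for r in cur.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"))
    conn.close()
    return created, rejected, rows, tables
```

The hostile name is rejected before any SQL is built, so the `Company` table created earlier in the loop is still present when the value is inserted.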
