Sqlite3:OperationalError:在“ TABLE”附近:语法错误
[英]Sqlite3: OperationalError: near “TABLE”: syntax error
问题描述
I am getting the following error when using sqlite3 
使用sqlite3时出现以下错误
OperationalError: near "TABLE": syntax error
The error occurs on this line: 该行发生错误:
c.execute('INSERT TABLE IF NOT EXISTS ' + bracketName + ' (player_1 TEXT, player_2 TEXT, winner TEXT, loser TEXT, player_1_score INTEGER, player_2_score INTEGER, round TEXT)')
Searching for this error suggests that the problem is caused when "table" is used as a name for a table, despite being a reserved word. 搜索此错误表明,尽管将“表”用作表的名称(尽管是保留字),但仍会引起该问题。 This is not the case in my situation, as I'm naming the table whatever is stored in the variable "bracket." 在我的情况下,情况并非如此,因为我正在为表命名存储在变量“括号”中的所有内容。
I'm not sure how to add more code to make this a reproducible example, so I'm hoping the problem is obvious from syntax 我不确定如何添加更多代码以使其成为可重现的示例,所以我希望问题在语法上很明显
1 个解决方案
解决方案1
2 已采纳 2019-06-26 23:31:48
As the comments mentioned, the command to create a new table is CREATE TABLE. 如前所述,创建新表的命令是CREATE TABLE。 INSERT is used to create new rows in an existing table. INSERT用于在现有表中创建新行。 However, as far as I've been able to tell (and as a comment on your question mentions), you cannot use parameter substitution for table names. 但是,据我所知(并提及您的问题),您不能对表名使用参数替换。 Therefore, this will work: 因此,这将起作用:
c.execute('CREATE TABLE IF NOT EXISTS ' + bracketName + ' (player_1 TEXT, player_2 TEXT, winner TEXT, loser TEXT, player_1_score INTEGER, player_2_score INTEGER, round TEXT)')
However, as has been pointed out, this is not very secure. 但是,正如已经指出的那样,这不是很安全。 Drawing from This Answer : if you are worried about injection, try writing a function that cleans the string before passing it. 从这个答案中得出:如果您担心注入,请尝试编写一个在传递字符串之前清除字符串的函数。 That answer gives an example of a "cleaner" that will only pass alphanumeric characters to avoid injection attacks. 该答案给出了一个“清除程序”的示例,该清除程序仅传递字母数字字符以避免注入攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.