stackoom
  简体   繁体   中英

psycopg2 passing in table name

 原文  2015-08-31 16:09:28       python/ psycopg2

Question

I have the following query

table = "#temp_table"
cursor.execute("""select * from %s as a """, (table))

I keep getting a syntax error at the from stement. Why will this not work?

1 answers

solution1
 2 ACCPTED  2015-08-31 17:07:30

You are receiving this error because the arguments passed into the second argument, (table) (which really should be (table,) ), are escaped in the SQL statement that is run.

In this example, the select * from %s as a is transformed into select * from '#temp_table' as a which is an error. To correctly insert a table name, you need to format the SQL statement string directly like so:

query = 'select * from "{}" as a'.format(table)
cursor.execute(query)

You should be very careful about what data you insert into the query this way because it's highly susceptible to SQL-injection exploits. Do not use this with untrusted data.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Passing table name as a parameter in psycopg2 Passing table name as a parameter in psycopg2, relation does not exist for a public table psycopg2 interpolate table name in executemany statement python psycopg2 table name from a variable Unable to Pass in Table Name for Query psycopg2 String table name not working in a query with psycopg2 Passing a datetime into psycopg2 Passing parameter in psycopg2 Passing variable database name in psycopg2's execute() drop postgreSQL table with Quotation Marks in name using psycopg2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM