Sqlite3: OperationalError: near “TABLE”: syntax error
Question
I am getting the following error when using sqlite3
OperationalError: near "TABLE": syntax error
The error occurs on this line:
c.execute('INSERT TABLE IF NOT EXISTS ' + bracketName + ' (player_1 TEXT, player_2 TEXT, winner TEXT, loser TEXT, player_1_score INTEGER, player_2_score INTEGER, round TEXT)')
Searching for this error suggests that the problem is caused when "table" is used as a name for a table, despite being a reserved word. This is not the case in my situation, as I'm naming the table whatever is stored in the variable "bracket."
I'm not sure how to add more code to make this a reproducible example, so I'm hoping the problem is obvious from syntax
1 answers
solution1
2 ACCPTED 2019-06-26 23:31:48
As the comments mentioned, the command to create a new table is CREATE TABLE. INSERT is used to create new rows in an existing table. However, as far as I've been able to tell (and as a comment on your question mentions), you cannot use parameter substitution for table names. Therefore, this will work:
c.execute('CREATE TABLE IF NOT EXISTS ' + bracketName + ' (player_1 TEXT, player_2 TEXT, winner TEXT, loser TEXT, player_1_score INTEGER, player_2_score INTEGER, round TEXT)')
However, as has been pointed out, this is not very secure. Drawing from This Answer : if you are worried about injection, try writing a function that cleans the string before passing it. That answer gives an example of a "cleaner" that will only pass alphanumeric characters to avoid injection attacks.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.