1

I think I am being a bonehead, maybe not importing the right package, but when I do...


from pysqlite2 import dbapi2 as sqlite
import types
import re
import sys
...
    def create_asgn(self):
        stmt = "CREATE TABLE ? (login CHAR(8) PRIMARY KEY NOT NULL, grade INTEGER NOT NULL)"
        stmt2 = "insert into asgn values ('?', ?)"
        self.cursor.execute(stmt, (sys.argv[2],))
        self.cursor.execute(stmt2, [sys.argv[2], sys.argv[3]])
...
 I get the error pysqlite2.dbapi2.OperationalError: near "?": syntax error

This makes very little sense to me, as the docs show that pysqlite is qmark parametrized. I am new to python and db-api though, help me out! THANKS

Noah
  • 15,080
  • 13
  • 104
  • 148
Overflown
  • 1,830
  • 2
  • 19
  • 25

3 Answers3

7

That's because parameters can only be passed to VALUES. The table name can't be parametrized.

Also you have quotes around a parametrized argument on the second query. Remove the quotes, escaping is handled by the underlining library automatically for you.

nosklo
  • 217,122
  • 57
  • 293
  • 297
2

Try removing the quotes in the line that assigns to stmt2:

    stmt2 = "insert into asgn values (?, ?)"

Also, as nosklo says, you can't use question-mark parameterisation with CREATE TABLE statements. Stick the table name into the SQL directly.

Luke Woodward
  • 63,336
  • 16
  • 89
  • 104
1

If you really want to do it, try something like this:

def read(db="projects"):

sql = "select * from %s"
sql = sql % db
c.execute(sql)
  • use the backtick form of table names in the SQL (ie: \`table\` instead of table) and make a function remove_backticks(inputString) that returns inputString with all backticks removed. Then write the above query (since you provided that example) as such: `sql="SELECT * from \`%s\`" % remove_backticks(db)` – Brian Jack Jun 29 '12 at 07:14