Bind variables for Oracle select Query in Python

Question

I am trying to execute a select statement for an Oracle database. In my select statement instead of giving the table name directly , I need to retrieve it from an check box and give it in the query. Tried some code but ended up with error...Pls find my code below

if self.checkbox.isChecked():
    Text = self.checkbox.text
     self.cur.execute(“select * from :tblmn”,(text))
     print(cur)

Connection and cursor is already defined but not specified in the code above. Please help me in resolving this. Thanks

Possible duplicate of [Binding variable to table name with cx\_Oracle](https://stackoverflow.com/questions/13124572/binding-variable-to-table-name-with-cx-oracle) — shmee, Apr 16 '19 at 05:41

Kaushik Nayak · Answer 1 · 2019-04-16T09:41:12.970

This is basically a combination of solutions to this question. You cannot use a bind table name but it can be done through string formatting, which increases the risk of SQL Injection.To avoid that you can make use of DBMS_ASSERT oracle package which has functions that can throw exception if it's not a valid database object(dbms_assert.sql_object_name), which you may have to handle. Presuming you're using cx_Oracle,

cur = conn.cursor()
my_tabname = cur.callfunc('sys.dbms_assert.sql_object_name'
                             , cx_Oracle.STRING, ['employees'])
cur.execute("SELECT * from {tablename}".format(tablename=my_tabname))
for line in cur:
    print(line)

Bind variables for Oracle select Query in Python

1 Answers1