Python pysqlite not accepting my qmark parameteriz

2019-03-03 03:57发布

问题:

I think I am being a bonehead, maybe not importing the right package, but when I do...


from pysqlite2 import dbapi2 as sqlite
import types
import re
import sys
...
    def create_asgn(self):
        stmt = "CREATE TABLE ? (login CHAR(8) PRIMARY KEY NOT NULL, grade INTEGER NOT NULL)"
        stmt2 = "insert into asgn values ('?', ?)"
        self.cursor.execute(stmt, (sys.argv[2],))
        self.cursor.execute(stmt2, [sys.argv[2], sys.argv[3]])
...
 I get the error pysqlite2.dbapi2.OperationalError: near "?": syntax error 

This makes very little sense to me, as the docs show that pysqlite is qmark parametrized. I am new to python and db-api though, help me out! THANKS

回答1:

That's because parameters can only be passed to VALUES. The table name can't be parametrized.

Also you have quotes around a parametrized argument on the second query. Remove the quotes, escaping is handled by the underlining library automatically for you.



回答2:

Try removing the quotes in the line that assigns to stmt2:

    stmt2 = "insert into asgn values (?, ?)"

Also, as nosklo says, you can't use question-mark parameterisation with CREATE TABLE statements. Stick the table name into the SQL directly.



回答3:

If you really want to do it, try something like this:

def read(db="projects"):

sql = "select * from %s"
sql = sql % db
c.execute(sql)