I am currently using Python 2.7’s SQLite 3 database API. When I go to execute a query like such:
c.execute('''select ? from music where ? like "%?%"''', (attr, attr, query))
I get the following error:
sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 2, and there are 3 supplied.
I think that the %?% is what’s throwing it off.
You misunderstand the use of parameter substitution. You can use
? in place of a whole, single variable value in the SQL statement. You cannot use it in place of column or table names, nor can you use it as part of a larger string value. In this case you could do this:
If you want to sub in the column names you must do it using string formatting. If you do so and the values came from user input, you need to be careful to avoid SQL injection. You’re protected for the substituted parameters, but not the string formatting.
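An added example (not the answerer's code) of the approach described above: the column name is checked against an allow-list and interpolated as a quoted identifier, while the LIKE pattern is assembled in Python and passed as one bound value. The table, rows and allow-list are constructed here for illustration; the pattern also escapes `%` and `_` so user input cannot smuggle in wildcards.

```python
import sqlite3

# Constructed sample data, not from the original question.
ROWS = [
    ("Blue Train", "John Coltrane"),
    ("Kind of Blue", "Miles Davis"),
    ("Giant Steps", "John Coltrane"),
]

# Column names cannot be bound with ?, so they are validated against this
# allow-list before being interpolated into the SQL text as identifiers.
SEARCHABLE_COLUMNS = frozenset(("title", "artist"))


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table music (title text, artist text)")
    conn.executemany("insert into music values (?, ?)", ROWS)
    return conn


def escape_like(text):
    """Escape LIKE metacharacters so the user's text is matched literally."""
    return (text.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))


def search(conn, attr, query):
    """Return values of column `attr` whose text contains `query`.

    The identifier goes through the allow-list and string formatting; the
    pattern (and the escape character) are bound parameters, so the query
    text itself never reaches the SQL statement.
    """
    if attr not in SEARCHABLE_COLUMNS:
        raise ValueError("unknown column: %r" % (attr,))
    sql = ('select "%s" from music where "%s" like ? escape ? '
           'order by rowid' % (attr, attr))
    pattern = "%" + escape_like(query) + "%"
    return [row[0] for row in conn.execute(sql, (pattern, "\\"))]


if __name__ == "__main__":
    db = make_db()
    print(search(db, "artist", "coltrane"))
    print(search(db, "title", "' or 1=1 --"))  # matched literally: no rows
```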