Home/ Questions/Q 8714551
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T05:37:27+00:00

I searched for a long time for the answer and did the following: (1)

  • 0

I searched for a long time for the answer and did the following:

(1)

query = "SELECT COUNT(*) FROM %s WHERE user_name = %s" % (table_name, username)
result = conn.query(query).result()[0][0]
if result == 0:
    (do something)

(2) 

query = "SELECT 1 FROM %s WHERE user_name = %s" %(table_name, username)
result = conn.query(query).result()[0][0]
if result == ' ':
    (do something)

(3)

query = "SELECT EXISTS (SELECT 1 FROM %s WHERE user_name = %s)" %(table_name, username)
result = conn.query(query).result()[0][0]
if result == 't':
    (do something)

But all don’t work… the error is always: 

column "Tom" does not exist

Since it really doesn’t exist and I just want to check if it exists. Any help is appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You’re not quoting your strings.

    You query looks like this, once it gets to PostgreSQL:

    SELECT COUNT(*) FROM Table WHERE user_name = Tom

    Which compares the user_name column against the non-existant Tom column.

    What you want is a query like this:

    SELECT COUNT(*) FROM Table WHERE user_name = 'Tom'

    To do this right, you should be using parameterized statements, to avoid any possibility of SQL injection. With a DBAPI module, it’s a simple as:

    cursor = conn.cursor()
cursor.execute('SELECT COUNT(*) FROM Table WHERE user_name = %s', user_name)

    If you need the table name to be dynamic as well, then you have to construct it like this:

    cursor = conn.cursor()
query = 'SELECT COUNT(*) FROM %s WHERE user_name = %%s' % table_name
cursor.execute(query, user_name)

    But you need to be absolutely certain that the table name is valid. Anybody who could control that variable could do absolutely anything to your database.

    • 0