When I try to use a string value from a tuple as the column name in my executemany() command, like this:
tup = ('field', 'value',)
cursor.executemany('UPDATE table SET ?=?', tup)
I get an sqlite3.OperationalError:
c.executemany('''UPDATE table SET ?=?''', tup)
sqlite3.OperationalError: near "?": syntax error
Why can’t the tuple value be inserted before the ‘=’ and only after?
Because a SQL parameter indicates a literal value, one that needs quoting to protect it from being interpreted as a SQL table or column name, or a literal.
In other words, your field value will be quoted:
instead of
You’ll have to sanitize the value for field yourself to ensure that it only contains a field name and then interpolate it yourself:
The sanitization is a hard problem; you perhaps should use a framework like SQLAlchemy to generate the SQL for you in a sane manner instead.
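An added example, not part of the original answer: one way to do the check the answer describes with Python's sqlite3, accepting the column name only if it exists in the table's schema, quoting it as an identifier, and still binding the value with ?. The table name items, its id column and the helper names are assumptions made for the illustration.

```python
import sqlite3


def quote_identifier(name: str) -> str:
    """Quote an SQLite identifier: wrap in double quotes, double embedded quotes."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def table_columns(conn, table):
    """Return the set of column names that actually exist on `table`."""
    rows = conn.execute(f"PRAGMA table_info({quote_identifier(table)})").fetchall()
    return {row[1] for row in rows}  # row[1] is the column name


def update_column(conn, table, column, value, row_id):
    """Set one column on one row; the column name is checked against the schema."""
    allowed = table_columns(conn, table)
    if not allowed:
        raise ValueError(f"unknown table: {table!r}")
    if column not in allowed:
        raise ValueError(f"unknown column: {column!r}")
    # Only the validated identifiers are interpolated; values stay bound parameters.
    sql = (f"UPDATE {quote_identifier(table)} "
           f"SET {quote_identifier(column)} = ? WHERE id = ?")
    return conn.execute(sql, (value, row_id)).rowcount


def demo():
    # Constructed sample schema and data (hypothetical table "items").
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, field TEXT, other TEXT)")
    conn.execute("INSERT INTO items (id, field, other) VALUES (1, 'old', 'keep')")
    changed = update_column(conn, "items", "field", "value", 1)
    row = conn.execute("SELECT field, other FROM items WHERE id = 1").fetchone()
    try:
        # A column "name" carrying extra SQL is not in the schema, so it is refused.
        update_column(conn, "items", "field = 'x', other", "value", 1)
        rejected = False
    except ValueError:
        rejected = True
    return changed, row, rejected


if __name__ == "__main__":
    print(demo())
```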