I think I am being a bonehead, maybe not importing the right package, but when I do...


    from pysqlite2 import dbapi2 as sqlite
    import types
    import re
    import sys
    ...
        def create_asgn(self):
            stmt = "CREATE TABLE ? (login CHAR(8) PRIMARY KEY NOT NULL, grade INTEGER NOT NULL)"
            stmt2 = "insert into asgn values ('?', ?)"
            self.cursor.execute(stmt, (sys.argv[2],))
            self.cursor.execute(stmt2, [sys.argv[2], sys.argv[3]])
    ...

I get the error pysqlite2.dbapi2.OperationalError: near "?": syntax error

This makes very little sense to me, as the docs show that pysqlite is qmark parametrized. I am new to Python and DB-API though, help me out! THANKS

+4  A: 

That's because parameters can only be passed to VALUES. The table name can't be parametrized.

Also you have quotes around a parametrized argument on the second query. Remove the quotes, escaping is handled by the underlying library automatically for you.

nosklo
+1  A: 

Try removing the quotes in the line that assigns to stmt2:

    stmt2 = "insert into asgn values (?, ?)"

Also, as nosklo says, you can't use question-mark parameterisation with CREATE TABLE statements. Stick the table name into the SQL directly.

Pourquoi Litytestdata
+1  A: 

If you really want to do it, try something like this:

    def read(db="projects"):
        # c is an already-open cursor; the table name is formatted into the SQL text
        sql = "select * from %s"
        sql = sql % db
        c.execute(sql)
Aaron
if I am to do this, is there a function I can make to escape db first???
Overflown
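
On the follow-up question about escaping the table name first: the sketch below is an added example, not code from any of the posters above. It validates the name against a strict pattern before formatting it into the SQL text and binds the row values with `?`. It assumes the standard-library `sqlite3` module in place of `pysqlite2`; the helper `quote_identifier` and its pattern are hypothetical names chosen here.

```python
import re
import sqlite3

# Conservative identifier pattern (an assumption of this example):
# letters, digits and underscore only, no leading digit, at most 63 chars.
_IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def quote_identifier(name):
    """Validate a table name and return it double-quoted for SQLite."""
    if not isinstance(name, str) or not _IDENT_RE.fullmatch(name):
        raise ValueError("invalid table name: %r" % (name,))
    if name.lower().startswith("sqlite_"):
        # SQLite reserves this prefix for its internal tables.
        raise ValueError("reserved table name prefix: %r" % (name,))
    return '"%s"' % name


def create_asgn(conn, table, login, grade):
    """Create the assignment table if needed and insert one row."""
    ident = quote_identifier(table)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS %s "
        "(login CHAR(8) PRIMARY KEY NOT NULL, grade INTEGER NOT NULL)" % ident
    )
    # Values are bound with qmark placeholders, with no quotes around the ?.
    conn.execute("INSERT INTO %s VALUES (?, ?)" % ident, (login, grade))


def read(conn, table):
    """Return all rows from a validated table name."""
    sql = "SELECT login, grade FROM %s" % quote_identifier(table)
    return conn.execute(sql).fetchall()


def demo():
    """Run against an in-memory database with constructed sample values."""
    conn = sqlite3.connect(":memory:")
    create_asgn(conn, "asgn1", "o'brien", 93)   # quote in the value is bound safely
    rows = read(conn, "asgn1")
    try:
        read(conn, 'asgn1" --')                 # constructed malformed table name
        rejected = False
    except ValueError:
        rejected = True
    return rows, rejected


if __name__ == "__main__":
    print(demo())
```

Where the set of tables is known in advance, checking the name against a fixed list of allowed tables is stricter than the pattern check.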