7

I need to dynamically change tables and variables from time to time, so I wrote a python method like this:

    selectQ ="""SELECT * FROM  %s WHERE %s = %s;""" 
    self.db.execute(selectQ,(self.table,self.columnSpecName,idKey,))
    return self.db.store_result()

However this results in a syntax error exception. I tried debugging it so I printed the variables in the method and filled them in manually, and that worked. So I am not sure what I am doing wrong ?

Is it because I try to use a substitute for a table ?

Also how do I debug mysqldb so it prints the substituted query as a string ?

Lucas Kauffman
  • 6,789
  • 15
  • 60
  • 86

4 Answers4

12

Parameter substitution in the DB API is only for values - not tables or fields. You'll need to use normal string substitution for those:

selectQ ="""SELECT * FROM  %s WHERE %s = %%s;""" % (self.table,self.columnSpecName)
self.db.execute(selectQ,(idKey,))
return self.db.store_result()

Note that the value placeholder has a double % - this is so that it's left alone by the initial string substitution.

Daniel Roseman
  • 588,541
  • 66
  • 880
  • 895
  • If I understand correctly it will substitute the %s with a string and it will just drop off a % sign of %%s ? – Lucas Kauffman Feb 22 '12 at 12:14
  • ow btw, apperently you need to typecast the selectQ after substitution to string, but that might be because I also used some integers. – Lucas Kauffman Feb 22 '12 at 12:31
  • Is this documented somewhere? In a query like `SHOW COLUMNS FROM Table`, it's no unreasonable to think of `Table` as a parameter. (But +1 for the answer. This is a hard question to search for.) – Joshua Taylor Nov 21 '14 at 15:48
1

Here is a full working example 

def rtnwkpr(tick, table, col):

    import MySQLdb as mdb
    tickwild = tick + '%'       
    try:
        con = mdb.connect(host, user, password, db);
        cur = con.cursor()
        selectq = "SELECT price FROM %s WHERE %s LIKE %%s;" % (table, col)
        cur.execute(selectq,(tickwild))
        return cur.fetchall()
Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
Peter Rogers
  • 19
  • 2
  • def inswk(table, total, date, tick): import MySQLdb as mdb import sys con = None try: con = mdb.connect(host, user, password, db); cur = con.cursor() selectq = """INSERT INTO %s (price, date, ticker) VALUES (%%s, %%s, %%s)""" % (table) cur.execute(selectq,(total, date, tick)) – Peter Rogers May 29 '12 at 21:38
0

You'll have to use string substitution to add the table and column names, the driver will only handle parameters.

Ed: NM, Daniel answered faster and more completely

Fredrik Håård
  • 2,856
  • 1
  • 24
  • 32
-3

Did you mean to write:

selectQ = """SELECT * FROM %s WHERE %s = %s;""" % (self.table,self.columnSpecName,idKey) #maybe the idkey should be self.idkey? don't know the rest of the code

self.db.execute(selectQ)

and this is just a mistake with string formatting?

Btw why do you write explicit SQL for this kind of work? better use magical sqlalchemy for python sql manipulation..

alonisser
  • 11,542
  • 21
  • 85
  • 139