-2

I am trying to format the following select statement:

cursor.execute("SELECT ST_SetSRID(ST_MakePoint({x}, {y}, {z}),4326) FROM " + config['PostgreDB']['table_name'] + ";".format(x, y, z))

When I run the code I receive the error message posted below.

Please let me know how to format this select statement correctly.

code:

cursor.execute("SELECT ST_SetSRID(ST_MakePoint({x}, {y}, {z}),4326) FROM " + config['PostgreDB']['table_name'] + ";".format(x, y, z))

error

FEHLER:  Syntaxfehler bei »{«
LINE 1: SELECT ST_SetSRID(ST_MakePoint({x}, {y}, {z}),4326) FROM slo...
Gajanan Kulkarni
Amrmsmb
  • `cursor.execute("SELECT ST_SetSRID(ST_MakePoint({x}, {y}, {z}),4326) FROM {table};".format(x=x, y=y, z=z, table=config['PostgreDB']['table_name'])) `? – KiraLT May 17 '21 at 06:05
  • 3
    You should probably use your database’s *parameterized query API* to begin with instead of manual string interpolation prone to SQL injection. – deceze May 17 '21 at 06:10
  • Instead of using formatted text, you can pass a tuple of values. – ThePyGuy May 17 '21 at 06:11
  • @ThePyGuy would you please provide an example? – Amrmsmb May 17 '21 at 06:20
  • Use .format before concatenation, like: `cursor.execute("SELECT ST_SetSRID(ST_MakePoint({x}, {y}, {z}),4326) FROM ".format(x=x, y=y, z=z) + config['PostgreDB']['table_name'] + ";")` – Amisha Kirti May 17 '21 at 06:27

1 Answer

0

Use .format at the end of the first string.

Use it like this:

cursor.execute("SELECT ST_SetSRID(ST_MakePoint({x}, {y}, {z}),4326) FROM ".format(x=x, y=y, z=z) + config['PostgreDB']['table_name'] + ";")

Alternatively, you can use f-strings if your Python version is 3.6 or above.

Code:

cursor.execute(f"SELECT ST_SetSRID(ST_MakePoint({x}, {y}, {z}),4326) FROM " + config['PostgreDB']['table_name'] + ";")
Krish agrawal
  • 1
    `format(x, y, z)` will give an error in your case. You will need to do `format(x=x, y=y, z=z)` – Ank May 17 '21 at 06:31
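
The parameterized-query approach suggested in the comments on the question, as an added example that is not part of the original thread: the coordinates are bound as parameters, and the table name, which cannot be bound, is validated before it is interpolated. It assumes a driver that uses `%s` placeholders, such as psycopg2; `checked_table_name`, `build_point_query` and the sample values are hypothetical.

```python
import re

# Plain PostgreSQL identifier: letters, digits, underscore, not starting
# with a digit. Anything else coming from the config file is rejected.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
_MAX_IDENT_LEN = 63  # default PostgreSQL identifier length limit


def checked_table_name(name):
    """Return the table name unchanged if it is a plain identifier."""
    if (not isinstance(name, str)
            or len(name) > _MAX_IDENT_LEN
            or not _IDENT.fullmatch(name)):
        raise ValueError(f"refusing unsafe table name: {name!r}")
    return name


def build_point_query(table_name, x, y, z):
    """Build (sql, params) for cursor.execute(sql, params).

    Values never enter the SQL text: the driver sends them separately
    for the %s placeholders. Only the validated identifier is formatted in.
    """
    table = checked_table_name(table_name)
    sql = f"SELECT ST_SetSRID(ST_MakePoint(%s, %s, %s), 4326) FROM {table};"
    # float() rejects non-numeric input before it reaches the database.
    params = (float(x), float(y), float(z))
    return sql, params


if __name__ == "__main__":
    # Constructed sample values; "sample_table" stands in for
    # config['PostgreDB']['table_name'].
    sql, params = build_point_query("sample_table", 13.4, 52.5, 34)
    print(sql, params)
    # With an open connection (assumption: psycopg2-style cursor):
    #     cursor.execute(sql, params)
    for bad in ("sample_table; --", "", "1table"):
        try:
            build_point_query(bad, 1, 2, 3)
        except ValueError as exc:
            print("rejected:", exc)
```

With psycopg2 itself, `psycopg2.sql.Identifier` can compose the table name instead of the hand-written check.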