0

I want the program to look for keywords in the input and if it is the same as one in the names table then it will search for the solutions with that specific name. I want the FROM to be x[space] as that would be the variable with the correct name e.g sound.

issue = input("BOT: Hello, please specify your issue\nType here:  ")
issue = issue.lower()
x = issue.split(" ")
c.execute("""SELECT Names FROM names""")
prob = c.fetchall()
conn.commit()
prob = str(prob)
prob = prob.split(" ")
space = 0
space1 = 0
right = False
while space < len(x) and right == False:
    if x[space] == prob[space1]:
        c.execute("""SELECT solutions FROM ?""",x[space])
        do = c.fetchall()
        conn.commit()

the error I got:

Traceback (most recent call last): File "/Users/nikkiclarke/Request bot/request code.py", line 272, in c.execute("""SELECT solutions FROM ?""",x[space]) sqlite3.OperationalError: near "?": syntax error

Ben Clarke
  • 13
  • 3
  • Generally speaking, table names cannot be parameterized as you can do for conditions in where clauses. I can't say for sure that this won't work (I'm not 100% an expert in all things sqlite+python) but, well, it looks to me like it won't work. I think you would need `sql = 'select * from ' + x[space] ... c.execute(sql)` and of course this all subject to sql injection attacks. – topsail Dec 10 '22 at 16:20
  • Ok, it works now. I can always protect it in other ways from sql injection attacks at the moment it works and that's all I needed it to do so thank you. – Ben Clarke Dec 10 '22 at 16:35
  • Does this answer your question? [Can I use parameters for the table name in sqlite3?](https://stackoverflow.com/questions/5870284/can-i-use-parameters-for-the-table-name-in-sqlite3) – PChemGuy Dec 10 '22 at 16:46

0 Answers0