I'm using sqlite for the first time, so I'm not sure whether I'm trying to
do something unsupported. or whether I'm trying to do something that's
supported, but doing it wrong.
I want to get information about a table in my database. The variable
tablename holds the name of the table, and self.dbconn.execute is a valid
connection object.
This works:
GET_TABLE_INFO_COMMAND = "PRAGMA TABLE_INFO(%s)"
pragma_cmd = GET_TABLE_INFO_COMMAND % tablename
field_data = self.dbconn.execute(pragma_cmd)
But I'm mindful of the warning ("# Never do this -- insecure!") at
http://docs.python.org/lib/module-sqlite3.html, and I'd like to get into
the habit of doing that; so instead I tried it this way (and many
variations of it):
GET_TABLE_INFO_COMMAND = "PRAGMA TABLE_INFO(?)"
pragma_cmd = GET_TABLE_INFO_COMMAND
field_data = self.dbconn.execute(pragma_cmd, (tablename))
I get the error:
sqlite3.OperationalError: near "?": syntax error
Some of the variations included using "tablename" or "(tablename,)" for
the second parameter; it made no difference.
Does the "?" approach not work with PRAGMA commands or something; or am I
doing this wrong?
_______________________________________________
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
