Python Question
sqlite3.OperationalError: near "?": syntax error
I have a problem, i just keep getting error however i am trying to format this. Also tried %s.
Any suggestions?
group_food = (group, food)
group_food_new = (group, food, 1)
with con:
cur = con.cursor()
tmp = cur.execute("SELECT COUNT(Name) FROM (?) WHERE Name=?", group_food)
if tmp == 0:
cur.execute("INSERT INTO ? VALUES(?, ?)", group_food_new)
else:
times_before = cur.execute("SELECT Times FROM ? WHERE Name=?", group_food)
group_food_update = (group, (times_before +1), food)
cur.execute("UPDATE ? SET Times=? WHERE Name=?", group_food_update)
Recommended for you: Get network issues from WhatsUp Gold. Not end users.
Answer Source
You cannot use SQL parameters to be placeholders in SQL objects; one of the reasons for using a SQL parameters is to escape the value such that the database can never mistake the contents for a database object.
You'll have to interpolate the database objects separately:
cur.execute("SELECT COUNT(Name) FROM {} WHERE Name=?".format(group), (food,))
and
cur.execute("INSERT INTO {} VALUES(?, ?)".format(group), (food, 1))
and
cur.execute("UPDATE {} SET Times=? WHERE Name=?".format(group),
(times_before + 1, food))
If your object names are user-sourced, you'll have to do your own (stringent) validation on the object names to prevent SQL injection attacks here. Always validate them against existing objects in that case.
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download