aiwarrior wrote: > When i run it the get_value() returns 'filepath' instead of the > columns. But if i dont use any variable and make the expression static > all goes on as its supposed to. What am i doing wrong?
> self.cursor.execute( "SELECT (?) FROM database", column ) In this case you have to use Python's string interpolation, or the column will be interpreted as a const value. The following should work: self.cursor.execute( "SELECT %s FROM database" % column) If you must sanitize the column name you can prepend something like if column not in allowed_names: raise ValueError Peter -- http://mail.python.org/mailman/listinfo/python-list
