Hi all,
I would like to ask about the usage of sqlite3 in python, more specifically
about a way to pass table
or column names to a SQL commands using parameters.
All examples I could find use
the parameter substitution with "?" for values; is it possible the
specify table and column names this way?
e.g. something like
curs.execute(u'INSERT OR REPLACE INTO %s(%s) VALUES (?)' % ("people",
"email"), ("[EMAIL PROTECTED]",))
(And the similar cases e.g.: CREATE TABLE, ALTER TABLE ... ADD.)
Unfortunately, I wasn't successful in replacing the string interpolation
with the substitution notation; are there maybe any hints, how to do that?
Or is it ok to use string interpolation here? (Are these parts of the SQL
command vulnerable too?)
What I am trying to achieve is to build a database dynamically - based on
the input data the respective
table would be chosen, and the appropriate columns created and filled
with the content.
Thanks in advance for any suggestions - and sorry if I missed something
obvious...
Vlasta
--
http://mail.python.org/mailman/listinfo/python-list
