Safe way to create sqlite3 table in python

A safe way to insert into a table

c.execute("insert into table (?,?,?,...)",my_tuple)

But how to create a table safely? I tried something like this:

conn = sqlite3.connect(database)
c = conn.cursor()
cmd = "create table ? (? text,? text)"
my_tuple = ("my_table","first","second")
c.execute(cmd,my_tuple)

but I get errors like this:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
sqlite3.OperationalError: near "?": syntax error

Should I just compile the string in python and throw it in sqlite to create the table?

+3
2 answers

If you are just trying to import CSV files and think that they are not being sent to you by some user who might try to get confused with your database, just build it in Python:

"create table %s (%s text,%s text)" % ("my_table","first","second")


+2

fooobar.com/questions/205357/...

"" "" , , )(][;,, - sql-, ); drop tables --, .

, , , "sanitize the string" , .

+2
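
An added example, not part of the original thread: SQLite placeholders bind values only, so table and column names have to go into the statement text. The sketch below does that after checking each name against an allowlist pattern and double-quoting it. The helper names and the letters/digits/underscore rule are assumptions of this example.

```python
import re
import sqlite3

# Assumed policy: ASCII letter or underscore first, then letters, digits, underscores.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def quote_ident(name):
    """Reject anything outside the allowlist, then double-quote the name."""
    if not isinstance(name, str) or not _IDENT.fullmatch(name):
        raise ValueError("unsafe identifier: %r" % (name,))
    return '"' + name + '"'  # quoting also makes reserved words such as "order" usable

def create_text_table(conn, table, columns):
    """Build CREATE TABLE from validated identifiers; every column is TEXT."""
    if not columns:
        raise ValueError("at least one column is required")
    cols = ", ".join(quote_ident(c) + " TEXT" for c in columns)
    sql = "CREATE TABLE %s (%s)" % (quote_ident(table), cols)
    conn.execute(sql)
    return sql

def insert_row(conn, table, row):
    """Identifier is validated and quoted; the values go through ? binding."""
    marks = ", ".join("?" * len(row))
    conn.execute("INSERT INTO %s VALUES (%s)" % (quote_ident(table), marks), row)

def demo():
    conn = sqlite3.connect(":memory:")
    create_text_table(conn, "my_table", ["first", "second"])
    # Constructed sample value: stored as plain data because it is bound, not spliced.
    insert_row(conn, "my_table", ("a", "x'); drop table my_table --"))
    rejected = []
    # Constructed sample names, e.g. taken from an untrusted CSV header.
    for bad in ["t (x); drop table my_table --", 'a"b', "", "1st"]:
        try:
            create_text_table(conn, bad, ["first"])
        except ValueError:
            rejected.append(bad)
    rows = conn.execute('SELECT * FROM "my_table"').fetchall()
    return rows, rejected

if __name__ == "__main__":
    print(demo())
```
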

Source: https://habr.com/ru/post/1777538/

