Skip to content Skip to sidebar Skip to footer
Home / Python / Sqlite

Sqlite Unrecognized Token: "'''"

Post a Comment
I met problems while using sqlite3 in python. def getEntryId(self, table, field, value, createNew=True): cur=self.con.execute('select rowid from %s where %s = '%s'' % (table, f

Solution 1:

You should parameterize the query. You cannot though parameterize the table and field names, you can use string formatting to insert the table and field names into the query, but make sure you either trust the source, or validate the values properly:

query = "select rowid from {table} where {field} = %s".format(table=table, field=field)
cur = self.con.execute(query, (value, ))
res = cur.fetchone()

The parameterization not only helps to prevent SQL injection attacks, but also handles the data types conversions, escapes the parameters properly, which may fix your current problem as well.

Post a Comment for "Sqlite Unrecognized Token: "'''""