having a real problem with the format of passing strings to sqlite in python. I have a function that I need to change the request information for, i.e. searching different columns based on user input.
request = "wipdate, forecastCostTotal, forecastSaleTotal, forecastMarginTotal"
jobNo = 50652
months = 10
cur.execute('''
SELECT :request FROM wipdata
JOIN projectName ON wipdata.projectName = projectname.id
WHERE projectNumber = :projectNumber
ORDER BY wipdate
DESC LIMIT :months
''', {'request': request, 'projectNumber': jobNo, 'months': months})
What this appears to be doing is passing the following sql command
SELECT 'wipdate, forecastCostTotal, forecastSaleTotal, forecastMarginTotal' FROM wipdata
JOIN projectName ON wipdata.projectName = projectname.id
WHERE projectNumber = '50652'
ORDER BY wipdate
DESC LIMIT 10
Which clearly fails and returns the following data, rather than the correct information from the database.
"wipdate, forecastCostTotal, forecastSaleTotal, forecastMarginTotal"
How can I pass the request variable so that it drops the leading and trailing quote marks.
The correct SQL query should be.
SELECT wipdate, forecastCostTotal, forecastSaleTotal, forecastMarginTotal FROM wipdata
JOIN projectName ON wipdata.projectName = projectname.id
WHERE projectNumber = '50652'
ORDER BY wipdate
DESC LIMIT 10
Aucun commentaire:
Enregistrer un commentaire