Python MySQLdb execute table variable [duplicate]

python mysql-python

You can't use a parameter for the table name in the execute call. You'll need to use normal Python string interpolation for that:

sql = "SELECT * FROM %s" % table
cursor.execute(sql)

Naturally, you'll need to be extra careful if the table name is coming from user input. To mitigate SQL injection, validate the table name against a list of valid names.

Related

Is it possible to set timeout for std::cin?
VBA - Folder Picker - set where to start [duplicate]
Continued Ninject support in ASP.NET Core MVC?
Function in SQL Server 2008 similar to GREATEST in mysql?
Prevent the main() function from terminating before goroutines finish in Golang
for loop in Java runs 3 times before taking next input
Assign webcam to a specific /dev/video#
Ubuntu (dual boot Windows) Ethernet Not Connecting/Detecting
How to find a program which is preventing sleeping?
How to upgrade to a newer version of a package than is available in the repository?
GNOME Software shows less programs than Ubuntu Software Center
configured directory for incoming file does not exist