How to UPDATE table in psycopg2

python sql psycopg2

Solution 1:

cur.execute("UPDATE  Diary SET ❌%s❌ = %s where diary_id = %s",(enter,select,p_id))

You can't use a bind variable to set a tablename or column name or the like. I.e. you can't compose/build a query from binds, only use binds to substitute in sql arguments.

For example, see Oracle doc (first one I found citing this):

Bind variables can be used to substitute data, but cannot be used to substitute the text of the statement. You cannot, for example, use a bind variable where a column name or a table name is required. Bind variables also cannot be used in Data Definition Language (DDL) statements, such as CREATE TABLE or ALTER statements.

Sure, you could compose the query as

qry = f"UPDATE  Diary SET {enter} = %s ..."
cur.execute(qry,(select,p_id))

but that's a massive security risk of the sql injection kind and designing around how to safely take in user-supplied params to build into a safe sql query goes beyond answering your asking why this error was happening.

Related

What is the best pattern for dynamically rendering components?
Codeigniter | Remove index.php from site_url or anchor functions
Microsoft Speech API (SAPI) SpVoice A Way for a Stop function
Google reCaptcha response "Uncaught (in promise) null"
Xcode 11 backward compatibility: "UIWindowScene is only available in iOS 13 or newer"
How do I get my page title to have an icon?
Re-installation failed due to different application signatures
What's the use of metaprogramming?
Get JSONArray without array name?
Convert HTML5 Canvas into File to be uploaded?
How to open URL in Microsoft Edge from the command line?
To run dex in process, the Gradle daemon needs a larger heap. It currently has approximately 910 MB