Python sqlite3 misinterpreting parameter

I'm trying to put a column name into a SQL query thusly

import sqlite3
db = sqlite3.connect('path/to/my/database.sqlite')
cur = db.cursor()
def get_val(field):
 return cur.execute('''
 SELECT x, y, :field FROM literal_table
 WHERE 
 :valid_field_name > 0 AND
 (some other conditions)
 GROUP BY x, y''',
 {'field': field}).fetchall()
get_val('valid_field_name')

but when I execute the code, instead of grabbing the value from the column, python is returning

[(x1, y1, u'valid_field_name'), (x2, y3, u'valid_field_name'), ...]

I know that you can't encode table names, but there are examples in the docs of column names being parametrized. I've hacked together a solution with string formatting (the code's for private data processing, so SQL injection isn't a problem) but I need to understand what's going on!

I'm using Python 2.7.3

• 1
  I don't see the problem, the code is doing what is supposed to do. Be aware that you are returning the result of cur.execute sql query, and that is a tuple.

  MGP

  – MGP

  2013年07月05日 15:34:49 +00:00

  Commented Jul 5, 2013 at 15:34
• What examples in the docs?

  CL.

  – CL.

  2013年07月05日 15:41:39 +00:00

  Commented Jul 5, 2013 at 15:41
• It would appear I read the docs too quickly; select ? is present, but not select ? from ....

  Nat Knight

  – Nat Knight

  2013年07月05日 15:47:10 +00:00

  Commented Jul 5, 2013 at 15:47
• Also, thanks @ManuelGutierrez. I've added .fetchall() and edited the question.

  Nat Knight

  – Nat Knight

  2013年07月05日 16:02:00 +00:00

  Commented Jul 5, 2013 at 16:02

1 Answer 1

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.