I'm trying to insert a string into a SQLite SELECT statement in Python. When I try this code:
cur.execute("SELECT * FROM DB WHERE employeeNum = '?'",(empNum,))
I get this error:
sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 0, and there are 1 supplied.
When I try this code:
cur.execute("SELECT * FROM DB WHERE employeeNum = '",empNum,"'")
I get this error:
TypeError: function takes at most 2 arguments (3 given)
How do I query this string? Sorry, I'm new to Python. Any help would be greatly appreciated!
1 Answer
Do not use string formatting to insert query parameters into the query: this would make SQL injections possible, and you would have problems with characters that need to be escaped, with data type conversions, etc.
Eliminate the quotes around ? and continue using parameterized query parameters:
cur.execute("SELECT * FROM DB WHERE employeeNum = ?", (empNum, ))
The quotes around ? made SQLite interpret ? as a string, not a placeholder.
Also see similar problem:
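Added example, not part of the original question or answer: the three query styles discussed above, run against an in-memory database so the difference is visible. The rows, the employee numbers and the function names are constructed for illustration; only the table name DB and the column employeeNum come from the question.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (one value contains a quote)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE DB (employeeNum TEXT, name TEXT)")
    con.executemany("INSERT INTO DB VALUES (?, ?)",
                    [("E100", "Alice"), ("E200", "Bob"), ("E'300", "Carol")])
    return con

def lookup_quoted_placeholder(con, emp_num):
    # '?' in quotes is a one-character string literal, so the statement
    # has 0 placeholders and the single supplied binding is rejected.
    try:
        return con.execute(
            "SELECT * FROM DB WHERE employeeNum = '?'", (emp_num,)).fetchall()
    except sqlite3.ProgrammingError as exc:
        return exc

def lookup_concatenated(con, emp_num):
    # Vulnerable form: the value becomes part of the SQL text itself.
    sql = "SELECT * FROM DB WHERE employeeNum = '" + emp_num + "'"
    try:
        return con.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return exc

def lookup_parameterized(con, emp_num):
    # Hardened form: the value is bound as data and never parsed as SQL.
    return con.execute(
        "SELECT * FROM DB WHERE employeeNum = ?", (emp_num,)).fetchall()

if __name__ == "__main__":
    con = make_db()
    crafted = "x' OR '1'='1"  # constructed input that changes the WHERE clause
    print("quoted placeholder:", lookup_quoted_placeholder(con, "E100"))
    print("concatenated, E'300:", lookup_concatenated(con, "E'300"))
    print("concatenated, crafted:", lookup_concatenated(con, crafted))
    print("parameterized, E'300:", lookup_parameterized(con, "E'300"))
    print("parameterized, crafted:", lookup_parameterized(con, crafted))
```

With concatenation, a legitimate value containing a quote breaks the statement and the crafted value returns every row; with the bound parameter both are compared as plain strings.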