1

I am trying to execute a select statement for an Oracle database. In my select statement instead of giving the table name directly , I need to retrieve it from an check box and give it in the query. Tried some code but ended up with error...Pls find my code below

if self.checkbox.isChecked():
    Text = self.checkbox.text
     self.cur.execute(“select * from :tblmn”,(text))
     print(cur)

Connection and cursor is already defined but not specified in the code above. Please help me in resolving this. Thanks

Improve this question
1

1 Answer 1

Reset to default
2

This is basically a combination of solutions to this question. You cannot use a bind table name but it can be done through string formatting, which increases the risk of SQL Injection.To avoid that you can make use of DBMS_ASSERT oracle package which has functions that can throw exception if it's not a valid database object(dbms_assert.sql_object_name), which you may have to handle. Presuming you're using cx_Oracle,

cur = conn.cursor()
my_tabname = cur.callfunc('sys.dbms_assert.sql_object_name'
                             , cx_Oracle.STRING, ['employees'])
cur.execute("SELECT * from {tablename}".format(tablename=my_tabname))
for line in cur:
    print(line)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.