Using python and postgres, variables within execute function?

Question

I had a question regarding the usage of variables inside a python function which accesses the PostgreSQL server. For example, the following:

def delete():
           


        

Answer 1

SOLVED:

I see what I was doing wrong. The only change I needed to make was add a comma after var_1, since: "For positional variables binding, the second argument must always be a sequence, even if it contains a single variable. And remember that Python requires a comma to create a single element tuple".

For example:

def delete(var_1):
    cur.execute(
    """DELETE FROM potluck 
    WHERE name = %s;""", (var_1,))

This works. I got the info from:

http://initd.org/psycopg/docs/usage.html#sql-injection

In the second case, then please reference the other answer below, which uses AsIs. That works. For example:

def delete(name, var_1):
    cur.execute(
    """DELETE FROM potluck 
    WHERE %s = %s;""", (AsIs(name), var_1))

That does the trick. Thanks!

Answer 2

To pass identifiers use psycopg2.extensions.AsIs

from psycopg2.extensions import AsIs

def update(table_name, var_1, var_2):
    cur.execute("""
        UPDATE %s
        SET %s = 'Y'
        WHERE %s = 'John';
        """,
        (AsIs(table_name), AsIs(var_1), AsIs(var_2))
    )