python - Binding variable to table name with cx_Oracle

Question

I'm using cx_Oracle in Python and can't get a variable be used as table name, like in this simple example:

query = "select * from some.:usertable.userinfo"

bindvars = {'usertable':usertable}

cursor.execute(query, bindvars)

What is the correct syntax? Variable substition works fine when I use WHERE… etc. but not with table names. I guess I have to separate ":usertable" somehow…

Answer 1

Database adapters rarely support using parameters for anything that isn't a 'value' (something that needs quoting). Either use string formatting (dodgy, you run the risk of a sql injection) or use a library like SQLAlchemy that let's you produce valid SQL using Python code.

If you are certain your usertable value is sane (checked against a list of existing table names, for example), the following would work:

query = 'select * from some.{usertable}.userinfo'.format(usertable=usertable)