6👍
✅
You can’t pass table nor column names as parameter arguments. Instead do something like:
qry = "SELECT * from %s;" % 'product'
cursor.execute(qry)
While being mindful of the possibility of SQL-injection attack.
Source:stackexchange.com