"attach "%s" as toMerge" % "b.db"
You should use '
instead of "
, so you don't have to escape.
You used the old formatting strings that are deprecated.
'attach "{0}" as toMerge'.format("b.db")
This uses the new format string feature from newer Python versions that should be used instead of the old one if possible.
"attach ? as toMerge"; cursor.execute(cmd, ('b.db', ))
This one omits string formatting completely and uses a SQLite feature instead, so this is the right way to do it.
Big advantage: no risk of SQL injection
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…