correct parameter usage for "select * where id in ..."

saniac saniac at gmail.com
Sat Oct 28 05:01:24 EDT 2006


I am working on a little project using pysqlite. It's going to be
exposed on the web, so I want to make sure I quote all incoming data
correctly. However, I've run into a brick wall trying to use parameters
to populate a query of the form "select * where col1 in ( ? )"

The naive approach doesn't work:

  values=['foo', 'bar', 'baz']
  sql = """select  * where value in (?)"""
  cu = cx.cursor()
  cu.execute(sql, (values))

The code blows up because the cursor is expecting 1 arg and gets 3. I
tried joining the array members with a comma, and that didn't work.
I've also tried the equivalent with the named style, which pysqlite
also supports, but that didn't work either.

I can't find any documentation that demonstrates this kind of query.

Is there a way to do this? It seems a bit odd not to have a way to
escape this kind of query.
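
Added example, not part of the original post: one way to parameterize an IN list with the standard-library sqlite3 module (the successor to pysqlite) is to generate one "?" per value and bind the values separately. The table `items`, its columns, the CHUNK size and the function names are assumptions made for illustration.

```python
import sqlite3

# Assumed batch size, kept below SQLite's per-statement bound-variable
# limit (999 by default in older builds).
CHUNK = 500

def select_in(cx, values):
    """Return (id, value) rows of the hypothetical table `items`
    whose value column matches any entry in `values`."""
    # Drop duplicates (order preserved) so that a value appearing in two
    # batches cannot return the same row twice.
    values = list(dict.fromkeys(values))
    rows = []
    for start in range(0, len(values), CHUNK):
        chunk = values[start:start + CHUNK]
        # Only "?" characters are formatted into the SQL text; the data
        # is passed separately and bound by the driver, never quoted by hand.
        marks = ",".join("?" * len(chunk))
        sql = "select id, value from items where value in (%s)" % marks
        rows.extend(cx.execute(sql, chunk).fetchall())
    # An empty `values` runs no query at all and returns [].
    return rows

def demo():
    """Build an in-memory database with constructed sample rows."""
    cx = sqlite3.connect(":memory:")
    cx.execute("create table items (id integer primary key, value text)")
    # Constructed sample data, including one value that looks like SQL.
    sample = ["foo", "bar", "baz", "qux", "x') or 1=1 --"]
    cx.executemany("insert into items (value) values (?)",
                   [(v,) for v in sample])
    return cx

if __name__ == "__main__":
    cx = demo()
    print(select_in(cx, ["foo", "baz", "missing"]))
    print(select_in(cx, ["x') or 1=1 --"]))
```

The single "?" in the original query stands for exactly one value, which is why binding a three-element list to it fails; the placeholder count has to match the number of values.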



