Manual parameter substitution in sqlite3

Skip Montanaro skip.montanaro at gmail.com
Tue Feb 28 13:40:38 EST 2017


On Tue, Feb 28, 2017 at 11:40 AM, Chris Angelico <rosuav at gmail.com> wrote:
> Testing with PostgreSQL (which *does* transform lists) suggests that
> "in" doesn't work; I used "key = any(%s)". I'd try that with sqlite3
> first, just in case it makes a difference. Probably it won't, but
> worth a try.

Yeah, doesn't work in Sqlite. It doesn't appear to have an any() function.

> Second recommendation: Switch to PostgreSQL, because then this happens
> automatically :)

It's on my likely list of upgrades. Sqlite3 was just easier to start with.

> Third recommendation: Instead of making yourself completely
> vulnerable, just go one level in:

That's what I was doing.

On Tue, Feb 28, 2017 at 12:05 PM, Peter Otten <__peter__ at web.de> wrote:
> If all else fails use quote()
>
> http://www.sqlite.org/lang_corefunc.html#quote

This looks like it will do the trick nicely. I was only looking at the
API for the Python package, not considering the Sqlite3 core. To allow
simpler migration to another database in the future, I'll likely hide
your example in a function.

Thanks for the responses.

Skip
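The two approaches discussed in this thread, as an added example that is not part of the original message: binding each list element to its own `?` placeholder, and the `quote()` fallback wrapped in a function. The `items` table, the function names, the chunk size and the sample values are assumptions made for illustration.

```python
import sqlite3

CHUNK = 500  # assumed batch size; stays under SQLite's historical default of 999 bound variables

def select_by_keys(conn, keys):
    """Fetch rows whose key is in `keys`, binding every value as a parameter."""
    keys = list(keys)
    rows = []
    for i in range(0, len(keys), CHUNK):
        chunk = keys[i:i + CHUNK]
        marks = ",".join("?" * len(chunk))  # only '?' characters are interpolated
        sql = "SELECT key, val FROM items WHERE key IN (%s) ORDER BY key" % marks
        rows.extend(conn.execute(sql, chunk).fetchall())
    return rows

def sql_literal(conn, value):
    """Let SQLite's own quote() render `value` as an SQL literal."""
    return conn.execute("SELECT quote(?)", (value,)).fetchone()[0]

def select_by_keys_quoted(conn, keys):
    """Fallback: inline literals produced by quote() instead of binding them."""
    keys = list(keys)
    if not keys:
        return []  # avoid emitting "IN ()", which other databases reject
    lits = ",".join(sql_literal(conn, k) for k in keys)
    sql = "SELECT key, val FROM items WHERE key IN (%s) ORDER BY key" % lits
    return conn.execute(sql).fetchall()

def demo():
    """Build a constructed in-memory table and a constructed hostile key."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (key TEXT PRIMARY KEY, val INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("a", 1), ("b", 2), ("O'Brien", 3)])
    hostile = "x') OR 1=1 --"  # constructed value that naive string formatting would mishandle
    return conn, hostile

if __name__ == "__main__":
    conn, hostile = demo()
    print(select_by_keys(conn, ["a", "O'Brien", hostile]))
    print(sql_literal(conn, hostile))
    print(select_by_keys_quoted(conn, ["b", hostile]))
```

With both functions the hostile key is compared as data and matches no row; the placeholder version is the one that carries over unchanged to other DB-API drivers apart from the paramstyle.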


