Manual parameter substitution in sqlite3
Chris Angelico
rosuav at gmail.com
Tue Feb 28 13:42:39 EST 2017
On Wed, Mar 1, 2017 at 5:40 AM, Skip Montanaro <skip.montanaro at gmail.com> wrote:
> On Tue, Feb 28, 2017 at 11:40 AM, Chris Angelico <rosuav at gmail.com> wrote:
>> Testing with PostgreSQL (which *does* transform lists) suggests that
>> "in" doesn't work; I used "key = any(%s)". I'd try that with sqlite3
>> first, just in case it makes a difference. Probably it won't, but
>> worth a try.
>
> Yeah, doesn't work in Sqlite. It doesn't appear to have an any() function.
Not surprised, but worth a try.
>> Third recommendation: Instead of making yourself completely
>> vulnerable, just go one level in:
>
> That's what I was doing.
>
That isn't what you were doing in your post, so it seemed worth
mentioning. Sounds like you have the best available options already at
your fingertips. Have at it!
ChrisA
More information about the Python-list
mailing list