> -----Original Message----- > From: sqlalchemy@googlegroups.com > [mailto:sqlalch...@googlegroups.com] On Behalf Of Mariano Mara > Sent: 15 April 2010 16:20 > To: sqlalchemy > Subject: Re: [sqlalchemy] further restricting a query > provided as raw sql > > Excerpts from Chris Withers's message of Thu Apr 15 11:46:05 > -0300 2010: > > Michael Bayer wrote: > > > you have to rewrite your SQL to support the number of > values in the IN clause for each parameter set. > > > > Hmm :'( > > > > While my code knows the number of values, they don't, and > it may vary > > from when they write the SQL to when that SQL gets executed > by my code... > > > > Chris > > > My answer will be generic since I don't know id SA provide a > better way > to deal with it (I haven't face this situation yet). > You will have to provide the values not as binded parameters but > hardcoded instead: > > """SELECT somestuff FROM somewhere > WHERE some_date >= :from_date AND some_date <= :to_date > AND somefield in (%s)""" % (",".join([str(x) for x in a])) > > if you don't like this kind of hack, depending on your > database, you can > create a temp table, insert all the values in it and join with your > real table. >
...and make sure that you properly escape all your values to prevent SQL injection. I guess another option would be to detect when lists are passed in, then replace ':values' with ':value0, :value1, :value2' etc. in the SQL. As long as you can be sure that the string ':values' doesn't appear anywhere else in the SQL, this wouldn't be too bad. Simon -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
