I am working on a little project using pysqlite. It's going to be exposed on the web, so I want to make sure I quote all incoming data correctly. However, I've run into a brick wall trying to use parameters to populate a query of the form "select * where col1 in ( ? )"
The naive approach doesn't work:

    values=['foo', 'bar', 'baz']
    sql = """select * where value in (?)"""
    cu = cx.cursor()
    cu.execute(sql, (values))

The code blows up because the cursor is expecting 1 arg and gets 3. I tried joining the array members with a comma, and that didn't work. I've also tried the equivalent with the named style, which pysqlite also supports, but that didn't work either.

I can't find any documentation that demonstrates this kind of query. Is there a way to do this? It seems a bit odd not to have a way to escape this kind of query.
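One way to run the query asked about above while still binding every value, as an added example that is not part of the original post: only the "?" placeholders are generated, one per value, and the list is bound as usual. It uses the standard-library sqlite3 module; the table `items`, the helper names `select_in` and `demo`, and the batch size are assumptions made for illustration.

```python
import sqlite3

# Assumption: conservative batch size, kept below SQLite's historical
# default limit of 999 bound parameters per statement.
MAX_PARAMS = 900

def select_in(cx, values):
    """Return rows of the constructed table `items` whose value is in `values`.

    Only the "?" placeholders are generated; each value is bound by the
    driver, so nothing from `values` is ever spliced into the SQL text.
    """
    values = list(dict.fromkeys(values))  # de-duplicate, keep order
    rows = []
    # Chunk so a long list never exceeds the bound-parameter limit.
    # An empty list runs no query at all and yields an empty result.
    for start in range(0, len(values), MAX_PARAMS):
        chunk = values[start:start + MAX_PARAMS]
        placeholders = ",".join("?" * len(chunk))  # e.g. "?,?,?"
        sql = "select id, value from items where value in (%s)" % placeholders
        rows.extend(cx.execute(sql, chunk).fetchall())
    return rows

def demo():
    # Constructed sample data in an in-memory database.
    cx = sqlite3.connect(":memory:")
    cx.execute("create table items (id integer primary key, value text)")
    cx.executemany("insert into items (value) values (?)",
                   [("foo",), ("bar",), ("baz",), ("qux",)])
    # Constructed value full of SQL metacharacters: bound as plain data.
    hostile = "x') or 1=1 --"
    big = ["nope%d" % i for i in range(2000)] + ["foo"]
    return (select_in(cx, ["foo", "bar", "baz"]),
            select_in(cx, [hostile, "qux"]),
            select_in(cx, []),
            select_in(cx, big))

if __name__ == "__main__":
    for result in demo():
        print(result)
```
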