saniac wrote:
> I am working on a little project using pysqlite. It's going to be
> exposed on the web, so I want to make sure I quote all incoming data
> correctly. However, I've run into a brick wall trying to use parameters
> to populate a query of the form "select * where col1 in ( ? )"
>
> The naive approach doesn't work:
>
> values=['foo', 'bar', 'baz']
> sql = """select * where value in (?)"""
> cu = cx.cursor()
> cu.execute(sql, (values))
>
> The code blows up because the cursor is expecting 1 arg and gets 3.
I assume you mean 'select * from table where...'
Try this -
values=['foo', 'bar', 'baz']
sql = """select * from table where value in (?,?,?)"""
cu = cx.cursor()
cu.execute(sql, values)
It works with odbc from pywin32. I have not tried pysqlite.
If you want it to handle a variable number of values, you will have to
programmatically construct the sql statement with the appropriate
number of parameters.
HTH
Frank Millman
--
http://mail.python.org/mailman/listinfo/python-list
