On 2017-03-02 09:55, Christian Gollwitzer wrote:
> you could do it "the (theoretical) right way", which is using
> another table. Insert your keys into a table, maybe temporary one,
> and then do
>
> select * from mumble where key in (select key from keytable)
>
> In theory that should also be fa
Am 28.02.17 um 18:28 schrieb Skip Montanaro:
Most of the time (well, all the time if you're smart), you let the
database adapter do parameter substitution for you to avoid SQL
injection attacks (or stupid users). So:
curs.execute("select * from mumble where key = ?", (key,))
If you want to
On 28.02.17 19:28, Skip Montanaro wrote:
Most of the time (well, all the time if you're smart), you let the
database adapter do parameter substitution for you to avoid SQL
injection attacks (or stupid users). So:
curs.execute("select * from mumble where key = ?", (key,))
If you want to sele
On 2017-03-01 04:40, Chris Angelico wrote:
> curs.execute("select * from mumble where key in (" +
> ",".join(["?"]*len(keys)) + ")", keys)
>
> If this is combined with another parameter, it'd be messier, but you
> could do something like:
>
> curs.execute("select * from mumble where key in (" +
>
On 2017-02-28, Skip Montanaro wrote:
> Some database adapters provide a function to do explicit
> substitution (e.g., mySQLdb.escape, psycopg2._param_escape),
> but the sqlite3 adapter doesn't.
It's clunky but you can use sqlite's core "quote" function.
quote(X)
The quote(X) function returns
On Tue, Feb 28, 2017 at 12:42 PM, Chris Angelico wrote:
> That isn't what you were doing in your post, so it seemed worth
> mentioning.
Sorry, my original post was a bit abbreviated. I can't copy text from
inside to outside, so have to retype everything. I guess I missed
that.
S
--
https://mail
On Wed, Mar 1, 2017 at 5:40 AM, Skip Montanaro wrote:
> On Tue, Feb 28, 2017 at 11:40 AM, Chris Angelico wrote:
>> Testing with PostgreSQL (which *does* transform lists) suggests that
>> "in" doesn't work; I used "key = any(%s)". I'd try that with sqlite3
>> first, just in case it makes a differe
On Tue, Feb 28, 2017 at 11:40 AM, Chris Angelico wrote:
> Testing with PostgreSQL (which *does* transform lists) suggests that
> "in" doesn't work; I used "key = any(%s)". I'd try that with sqlite3
> first, just in case it makes a difference. Probably it won't, but
> worth a try.
Yeah, doesn't wo
Skip Montanaro wrote:
> Most of the time (well, all the time if you're smart), you let the
> database adapter do parameter substitution for you to avoid SQL
> injection attacks (or stupid users). So:
>
> curs.execute("select * from mumble where key = ?", (key,))
>
> If you want to select fro
On Wed, Mar 1, 2017 at 4:28 AM, Skip Montanaro wrote:
> Some database adapters provide a function to do explicit substitution
> (e.g., mySQLdb.escape, psycopg2._param_escape), but the sqlite3
> adapter doesn't. Is there a function floating around out there which
> does the right thing, allowing yo
10 matches
Mail list logo
