0

Here are the SQL code as string in python:

sql_code="""
SELECT VAR
    VAR2
FROM TABLE
WHERE VAR in ('A','B')
"""

And I would like to create a variable for the list of selection in the WHERE clause, this is what we can do:

sql_code_arg1="""
SELECT VAR
VAR2
FROM TABLE
WHERE VAR in {}
"""

Then

lst=["A","B"]
print(sql_code_arg1.format(tuple(lst)))

Now, I would like to parameter the entire condition in WHERE clause:

sql_code_arg2="""
SELECT VAR
VAR2
FROM TABLE
WHERE {}
"""

I tried someting like this:

print(sql_code_arg2.format("VAR in "+tuple(list)))

But it doesn't work.

Improve this question
3
  • 2
    Which DB-API are you using ? Commented Jan 6, 2023 at 15:18
  • Does this answer your question? Using variables in the format() function in Python Commented Jan 6, 2023 at 15:23
  • It is for MS SQL Commented Jan 15, 2023 at 8:41

2 Answers 2

Reset to default
2

You were trying to add a string with a tuple.

format("VAR in "+tuple(list)))

Rather, this should work:

sql_code_arg2.format("VAR in "+str(tuple(lst)))

Disclaimer: This method is not recommended because it allows SQL injection

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Please do not recommend methods that allow SQL injection.
@Ijmc yes you are right!
0

Avoid generating sql queries from raw string. its not flexible, unsafe and unmaintainable. For generating sql queries use library https://github.com/kayak/pypika

With this library you can generate sql queries from objects like

customers = Table('customers')
q = Query.from_(customers).select(
    customers.id, customers.fname, customers.lname, customers.phone
).where(
    customers.fname == 'Max'
).where(
    customers.lname == 'Mustermann'
)

and when you need sql string you just cast query to string and get this

SELECT id,fname,lname,phone FROM customers WHERE fname='Max' AND lname='Mustermann'
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.