Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to use variables in SQL statement in Python?

Tags:

python

sql

I have the following Python code:

cursor.execute("INSERT INTO table VALUES var1, var2, var3,")

where var1 is an integer, var2 and var3 are strings.

How can I write the variable names without Python including them as part of the query text?

like image 495
user111606 Avatar asked May 23 '09 20:05

user111606

People also ask

Can I use a variable in an SQL statement?

Variables in SQL procedures are defined by using the DECLARE statement. Values can be assigned to variables using the SET statement or the SELECT INTO statement or as a default value when the variable is declared. Literals, expressions, the result of a query, and special register values can be assigned to variables.

How do you pass a parameter in SQL query using Python?

You can pass parameters/arguments to your SQL statements by programmatically creating the SQL string using Scala/Python and pass it to sqlContext. sql(string). Note the 's' in front of the first """. This lets you substitute $param's in a Scala string.

How do you use variables in Python query?

In order to do reference of a variable in query, you need to use @ . Instead of filter value we are referring the column which we want to use for subetting or filtering. {0} takes a value of variable myvar1. Incase you want to pass multiple columns as variables in query.

Can we use Python variable in SQL query?

We often need to pass variables to SQL select query in where clause to check some conditions. In the user signup form user enter his/her details. You can take those values in Python variables and insert them into a table.

2 Answers

cursor.execute("INSERT INTO table VALUES (%s, %s, %s)", (var1, var2, var3))

Note that the parameters are passed as a tuple.

The database API does proper escaping and quoting of variables. Be careful not to use the string formatting operator (%), because

  1. it does not do any escaping or quoting.
  2. it is prone to Uncontrolled string format attacks e.g. SQL injection.
like image 84
Ayman Hourieh Avatar answered Oct 23 '22 12:10

Ayman Hourieh

Different implementations of the Python DB-API are allowed to use different placeholders, so you'll need to find out which one you're using -- it could be (e.g. with MySQLdb):

cursor.execute("INSERT INTO table VALUES (%s, %s, %s)", (var1, var2, var3))

or (e.g. with sqlite3 from the Python standard library):

cursor.execute("INSERT INTO table VALUES (?, ?, ?)", (var1, var2, var3))

or others yet (after VALUES you could have (:1, :2, :3) , or "named styles" (:fee, :fie, :fo) or (%(fee)s, %(fie)s, %(fo)s) where you pass a dict instead of a map as the second argument to execute). Check the paramstyle string constant in the DB API module you're using, and look for paramstyle at http://www.python.org/dev/peps/pep-0249/ to see what all the parameter-passing styles are!

like image 84
Alex Martelli Avatar answered Oct 23 '22 12:10

Alex Martelli
Sign in to Comment

Related questions

How to execute ipdb.set_trace() at will while running pytest tests
Platform independent path concatenation using "/" , "\"?
method of iterating over sqlalchemy model's defined columns?
Get an attribute value based on the name attribute with BeautifulSoup
Python strip with \n [duplicate]
Create a file if it doesn't exist
Convert number strings with commas in pandas DataFrame to float
Pandas df.to_csv("file.csv" encode="utf-8") still gives trash characters for minus sign
How to generate keyboard events?
How to create a user in Django?
How do I convert a list into a string with spaces in Python?
Python os.path.join on Windows
How to apply a logical operator to all elements in a python list
Python str vs unicode types
Getting name of windows computer running python script?
heapq with custom compare predicate
How to import a text file on AWS S3 into pandas without writing to disk
What is the difference between pandas.qcut and pandas.cut?
Django class-based view: How do I pass additional parameters to the as_view method?
How to create python bytes object from long hex string?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!