发表新帖
发表新帖

python list in sql query as parameter

后端 未结
关注
15 1423
耶瑟儿~
耶瑟儿~ 2020-11-22 09:39

I have a python list, say l

l = [1,5,8]

I want to write a sql query to get the data for all the elements of the list, say

s
相关标签:
15条回答
  • 甜味超标
    2020-11-22 09:44

    Solution for @umounted answer, because that broke with a one-element tuple, since (1,) is not valid SQL.:

    >>> random_ids = [1234,123,54,56,57,58,78,91]
>>> cursor.execute("create table test (id)")
>>> for item in random_ids:
    cursor.execute("insert into test values (%d)" % item)
>>> sublist = [56,57,58]
>>> cursor.execute("select id from test where id in %s" % str(tuple(sublist)).replace(',)',')'))
>>> a = cursor.fetchall()
>>> a
[(56,), (57,), (58,)]

    Other solution for sql string:

    cursor.execute("select id from test where id in (%s)" % ('"'+'", "'.join(l)+'"'))
    0 讨论(0)
  • 天命终不由人
    2020-11-22 09:45

    Answers so far have been templating the values into a plain SQL string. That's absolutely fine for integers, but if we wanted to do it for strings we get the escaping issue.

    Here's a variant using a parameterised query that would work for both:

    placeholder= '?' # For SQLite. See DBAPI paramstyle.
placeholders= ', '.join(placeholder for unused in l)
query= 'SELECT name FROM students WHERE id IN (%s)' % placeholders
cursor.execute(query, l)
    0 讨论(0)
  • 时光取名叫无心
    2020-11-22 09:45

    Just use inline if operation with tuple function:

    query = "Select * from hr_employee WHERE id in " % tuple(employee_ids) if len(employee_ids) != 1 else "("+ str(employee_ids[0]) + ")"
    0 讨论(0)
  • 半阙折子戏
    2020-11-22 09:46 
    placeholders= ', '.join("'{"+str(i)+"}'" for i in range(len(l)))
query="select name from students where id (%s)"%placeholders
query=query.format(*l)
cursor.execute(query)

    This should solve your problem.

    0 讨论(0)
  • 無奈伤痛
    2020-11-22 09:46

    If you're using PostgreSQL with the Psycopg2 library you can let its tuple adaption do all the escaping and string interpolation for you, e.g:

    ids = [1,2,3]
cur.execute(
  "SELECT * FROM foo WHERE id IN %s",
  [tuple(ids)])

    i.e. just make sure that you're passing the IN parameter as a tuple. if it's a list you can use the = ANY array syntax:

    cur.execute(
  "SELECT * FROM foo WHERE id = ANY (%s)",
  [list(ids)])

    note that these both will get turned into the same query plan so you should just use whichever is easier. e.g. if your list comes in a tuple use the former, if they're stored in a list use the latter.

    0 讨论(0)
  • 隐瞒了意图╮
    2020-11-22 09:48 
    l = [1] # or [1,2,3]

query = "SELECT * FROM table WHERE id IN :l"
params = {'l' : tuple(l)}
cursor.execute(query, params)

    The :var notation seems simpler. (Python 3.7)

    0 讨论(0)
 看不清?
提交回复
热议问题