Python challenging string encoding

Question

I have the following list of providers (in Russian):

providers = [u\'\\u041e\\u041e\\u041e \"\\u041a\\u0432\\u0430\\u0440\\u0442\\u0430\\u043b 
            \\u04         


        

Answer 1

You should not use .format() to include values in a sql query. Use sql parameters instead:

sql += " WHERE provider IN ({}) GROUP BY date ORDER BY date ASC".format(', '.join(['%s'] * len(providers)))

cursor.execute(sql, providers)

where providers is the original list.

The idea is to generate a SQL query with the in test using SQL parameter syntax matching the number of providers in your list: WHERE provider in (%s, %s) ... for a two-provider list. Yes, the MySQLdb sql parameter syntax echoes the old-style python formatting syntax, but is not the same thing.