Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home > Database > Mysql Tutorial > How to Execute a Parameterized SQL Query Stored in a Variable in Python?

How to Execute a Parameterized SQL Query Stored in a Variable in Python?

DDD
Release: 2025-01-12 06:49:43
Original
896 people have browsed it

How to Execute a Parameterized SQL Query Stored in a Variable in Python?

Execute parameterized SQL queries stored in variables in Python

When dealing with SQL queries in Python, it is crucial to use parameterized queries to prevent SQL injection. This involves replacing parameter placeholders (for example, '%s') with variables containing actual values.

A common question is whether it is possible to store a parameterized SQL query in a variable and then execute it. Let's explore the syntax and how to achieve this.

Question

Consider the following Python code: 

<code class="language-python">sql = "INSERT INTO table VALUES (%s, %s, %s)", var1, var2, var3
cursor.execute(sql)</code>
Copy after login

Unfortunately, this code throws an error because cursor.execute() accepts up to three parameters: query string and optional parameters. In this example, we have four parameters, represented by the tuple (sql, var1, var2, var3).

Solution

There are two ways to execute parameterized SQL queries from variables:

Method 1: Expand parameters

We can expand the parameters of the tuple containing the query and parameters into cursor.execute(): 

<code class="language-python">sql_and_params = "INSERT INTO table VALUES (%s, %s, %s)", var1, var2, var3
cursor.execute(*sql_and_params)</code>
Copy after login

This expands the tuple to four parameters, but this may seem clumsy.

Method 2: Separate query and parameters

For clarity, it is best to separate the SQL query and parameters into two variables: 

<code class="language-python">sql = "INSERT INTO table VALUES (%s, %s, %s)"
args = (var1, var2, var3)
cursor.execute(sql, args)</code>
Copy after login

This approach is more concise and easier to read and maintain.

Conclusion

In summary, when executing a parameterized SQL query from variables in Python, you need to expand the parameters or separate the query and parameters into different variables. The second method is usually recommended because it is simpler and more straightforward.

The above is the detailed content of How to Execute a Parameterized SQL Query Stored in a Variable in Python?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Previous article:How Can I Effectively Concatenate Columns in PostgreSQL SELECT Queries? Next article:How to Replicate SQL's DENSE_RANK() Function in Pandas?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
3
2451
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
11
2596
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
2187
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
2063
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
2165
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template