Am 28.02.17 um 18:28 schrieb Skip Montanaro:
Most of the time (well, all the time if you're smart), you let the
database adapter do parameter substitution for you to avoid SQL
injection attacks (or stupid users). So:
curs.execute("select * from mumble where key = ?", (key,))
If you want to select from several possible keys, it would be nice to
be able to do this:
curs.execute("select * from mumble where key in (?)", (keys,))
but that doesn't work.
Instead of building the query on the fly (with quoting hell etc.), you
could do it "the (theoretical) right way", which is using another table.
Insert your keys into a table, maybe temporary one, and then do
select * from mumble where key in (select key from keytable)
In theory that should also be faster, but unless you have a thousand
keys, there will be no noticeable difference.
Christian
--
https://mail.python.org/mailman/listinfo/python-list
