paul wrote:
> Frank Millman wrote:
> > If you want it to handle a variable number of values, you will have to
> > programmatically construct the sql statement with the appropriate
> > number of parameters.
Yes, I should have made it clear it was the variable part that was
hard.
> >>> vals = (1,
Frank Millman wrote:
> If you want it to handle a variable number of values, you will have to
> programmatically construct the sql statement with the appropriate
> number of parameters.
>>> vals = (1,2,3,4,5)
>>> sql = "select * from table where value in ("+','.join("?"*len(vals))+")"
>>> print sql
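The placeholder-building approach from the reply above, carried through to execution with the standard-library `sqlite3` module. This is an added example, not code from any poster in the thread. The `items` table, the function names and the chunk size are assumptions made for illustration, and it goes slightly beyond the reply by handling an empty list and splitting long lists to stay under SQLite's bound-variable limit.

```python
import sqlite3

# Assumed chunk size, kept below SQLite's historical default of 999 bound variables.
CHUNK = 500


def select_in(conn, values, chunk=CHUNK):
    """Return (id, col1) rows whose col1 is in `values`, binding every value."""
    # Drop duplicates (order preserved) so a value split across chunks
    # cannot return the same row twice.
    values = list(dict.fromkeys(values))
    rows = []
    # An empty list never reaches the database: the loop body does not run.
    for start in range(0, len(values), chunk):
        part = values[start:start + chunk]
        # Only the *number* of "?" marks depends on the input.
        # The values themselves never become part of the SQL text.
        marks = ",".join("?" * len(part))
        sql = "SELECT id, col1 FROM items WHERE col1 IN (%s) ORDER BY id" % marks
        rows.extend(conn.execute(sql, part).fetchall())
    return rows


def demo_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, col1 TEXT)")
    conn.executemany(
        "INSERT INTO items (col1) VALUES (?)",
        [("a",), ("b",), ("c",), ("x') OR ('1'='1",)],  # last row: quote-laden data
    )
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(select_in(conn, ["a", "c"]))
    # A value containing quotes and SQL keywords is compared as plain data.
    print(select_in(conn, ["' OR 1=1 --"]))
```

Because the values travel as bound parameters, no quoting or escaping of incoming data is needed; the only string built at runtime is the run of `?` marks.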
saniac wrote:
> I am working on a little project using pysqlite. It's going to be
> exposed on the web, so I want to make sure I quote all incoming data
> correctly. However, I've run into a brick wall trying to use parameters
> to populate a query of the form "select * where col1 in ( ? )"
>
> Th
I am working on a little project using pysqlite. It's going to be
exposed on the web, so I want to make sure I quote all incoming data
correctly. However, I've run into a brick wall trying to use parameters
to populate a query of the form "select * where col1 in ( ? )"
The naive approach doesn't w