Re: correct parameter usage for "select * where id in ..."

2006-10-28 Thread saniac
paul wrote:
> Frank Millman wrote:
> > If you want it to handle a variable number of values, you will have to
> > programmatically construct the sql statement with the appropriate
> > number of parameters.

Yes, I should have made it clear it was the variable part that was hard.

> >>> vals = (1,

Re: correct parameter usage for "select * where id in ..."

2006-10-28 Thread paul
Frank Millman wrote:
> If you want it to handle a variable number of values, you will have to
> programmatically construct the sql statement with the appropriate
> number of parameters.

>>> vals = (1,2,3,4,5)
>>> sql = "select * from table where value in ("+','.join("?"*len(vals))+")"
>>> print s

Re: correct parameter usage for "select * where id in ..."

2006-10-28 Thread Frank Millman
saniac wrote:
> I am working on a little project using pysqlite. It's going to be
> exposed on the web, so I want to make sure I quote all incoming data
> correctly. However, I've run into a brick wall trying to use parameters
> to populate a query of the form "select * where col1 in ( ? )"
>
> Th

Re: correct parameter usage for "select * where id in ..."

2006-10-28 Thread Steve Holden
saniac wrote:
> I am working on a little project using pysqlite. It's going to be
> exposed on the web, so I want to make sure I quote all incoming data
> correctly. However, I've run into a brick wall trying to use parameters
> to populate a query of the form "select * where col1 in ( ? )"
>
> Th

correct parameter usage for "select * where id in ..."

2006-10-28 Thread saniac
I am working on a little project using pysqlite. It's going to be exposed on the web, so I want to make sure I quote all incoming data correctly. However, I've run into a brick wall trying to use parameters to populate a query of the form "select * where col1 in ( ? )"

The naive approach doesn't w