How can I format strings to query with mysqldb in Python?

python string mysql
13,078

Solution 1

paramstyle
Parameter placeholders can only be used to insert column values. They can not be used for other parts of SQL, such as table names, statements, etc.

Solution 2

%s placeholders inside query string are reserved for parameters. %s in 'order by %s %s' are not parameters. You should make query string in 2 steps:

query = """SELECT * FROM sometable order by %s %s limit %%s, %%s;"""
query = query % ('somecol', 'DESC')
conn = app_globals.pool.connection()
cur = conn.cursor()
cur.execute(query, (limit1, limit2) ) 
results = cur.fetchall()

DO NOT FORGET to filter first substitution to prevent SQL-injection possibilities

Share:
13,078
Daniel
Author by

Daniel

Updated on June 27, 2022

Comments

  • Daniel
    Daniel almost 2 years

    How do I do this correctly:

    I want to do a query like this:

    query = """SELECT * FROM sometable 
                    order by %s %s 
                    limit %s, %s;"""
conn = app_globals.pool.connection()
cur = conn.cursor()
cur.execute(query, (sortname, sortorder, limit1, limit2) ) 
results = cur.fetchall()

    All works fine but the order by %s %s is not putting the strings in correctly. It is putting the two substitutions in with quotes around them.

    So it ends up like: 

    ORDER BY 'somecol' 'DESC'

    Which is wrong should be: 

    ORDER BY somecol DESC

    Any help greatly appreciated!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Python: Convert tuple to comma separated String
ProgrammingError: (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax
Python : Comparing two times, and returning in minutes
Upgraded to OSX 10.11 El Capitan, now cannot use MySQL with Python/Django
(flask) python - mysql - using where clause in a select query with variable from URL
Fastest way to read huge MySQL table in python
Python - How to parse and save JSON to MYSQL database
MySQL: Convert String to Float/Decimal in german language
Python pandas to_sql 'append'
Add string to mysql result