Ask a Question

How to use variables in SQL statement in Python?

0 votes
1 view
in SQL by (20.3k points)

Ok, so I'm not that experienced in Python.

I have the following Python code:

cursor.execute("INSERT INTO table VALUES var1, var2, var3,")

where var1 is an integer, var2 & var3 are strings.

How can I write the variable names without python including them as part of the query text?

1 Answer

0 votes
by (40.4k points)

cursor.execute("INSERT INTO table VALUES (%s, %s, %s)", (var1, var2, var3))

Note that hehe the parameters are passed as a tuple.

The database API does proper escaping and quoting of variables. Be careful not to use the string formatting operator (%), because

It does not do any escaping or quoting.

It is prone to Uncontrolled string format attacks e.g. SQL injection.

Related questions

0 votes
1 answer
How do I use variables in Oracle SQL Developer?
asked Jul 25, 2019 in SQL by Tech4ever (20.3k points)
0 votes
1 answer
Not all parameters were used in the SQL statement (Python, MySQL)
asked Dec 16, 2020 in SQL by Appu (6.1k points)
Welcome to Intellipaat Community. Get your technical queries answered by top developers !


Categories

Browse Categories

Training

Tutorial

Intersting Findings

Trending Topics

Snow Theme by Q2A Market
Powered by Question2Answer
...