Intellipaat Back

Explore Courses Blog Tutorials Interview Questions

How to use variables in SQL statement in Python?

0 votes
2 views
in SQL by (20.3k points)

Ok, so I'm not that experienced in Python.

I have the following Python code:

cursor.execute("INSERT INTO table VALUES var1, var2, var3,")

where var1 is an integer, var2 & var3 are strings.

How can I write the variable names without python including them as part of the query text?

1 Answer

0 votes
by (40.7k points)

cursor.execute("INSERT INTO table VALUES (%s, %s, %s)", (var1, var2, var3))

Note that hehe the parameters are passed as a tuple.

The database API does proper escaping and quoting of variables. Be careful not to use the string formatting operator (%), because

It does not do any escaping or quoting.

It is prone to Uncontrolled string format attacks e.g. SQL injection.

Enroll yourself in the SQL server certification to learn in-depth about SQL statements, queries and become proficient in SQL.

You can refer to our Python online course for more information.

Related questions

0 votes
1 answer
How do I use variables in Oracle SQL Developer?
asked Jul 25, 2019 in SQL by Tech4ever (20.3k points)
0 votes
2 answers
Not all parameters were used in the SQL statement (Python, MySQL)
asked Dec 16, 2020 in SQL by Appu (6.1k points)

31k questions

32.8k answers

501 comments

693 users

Browse Categories

© COPYRIGHT 2011-2024 INTELLIPAAT.COM. ALL RIGHTS RESERVED.

...