2

I need to pass a batch of parameters to mysql in python. Here is my code:

sql = """ SELECT * from my_table WHERE name IN (%s) AND id=%(Id)s AND puid=%(Puid)s"""

params = {'Id':id,'Puid'  : pid}
in_p=', '.join(list(map(lambda x: '%s', names)))
sql = sql %in_p

cursor.execute(sql, names) #todo: add params to sql clause

The problem is I want to pass the name list to sql IN clause, meanwhile I also want to pass the id and puid as parameters to the sql query clause. How do I implement these in python?

Dharman
  • 30,962
  • 25
  • 85
  • 135
Jensz
  • 89
  • 1
  • 1
  • 10

2 Answers2

6

Think about the arguments to cursor.execute that you want. You want to ultimately execute

cursor.execute("SELECT * FROM my_table WHERE name IN (%s, %s, %s) AND id = %s AND puid = %s;", ["name1", "name2", "name3", id, pid])

How do you get there? The tricky part is getting the variable number of %ss right in the IN clause. The solution, as you probably saw from this answer is to dynamically build it and %-format it into the string.

in_p = ', '.join(list(map(lambda x: '%s', names)))
sql = "SELECT * FROM my_table WHERE name IN (%s) AND id = %s AND puid = %s;" % in_p

But this doesn't work. You get:

TypeError: not enough arguments for format string

It looks like Python is confused about the second two %ss, which you don't want to replace. The solution is to tell Python to treat those %ss differently by escaping the %:

sql = "SELECT * FROM my_table WHERE name IN (%s) AND id = %%s AND puid = %%s;" % in_p

Finally, to build the arguments and execute the query:

args = names + [id, pid]
cursor.execute(sql, args)
Community
  • 1
  • 1
univerio
  • 19,548
  • 3
  • 66
  • 68
-1
sql = """ SELECT * from my_table WHERE name IN (%s) AND id=%(Id)s AND puid=%(Puid)s""".replace("%s", "%(Clause)s")
print sql%{'Id':"x", 'Puid': "x", 'Clause': "x"}

This can help you.

Leviathan
  • 32
  • 5