2

I am using Python 2.7 to perform CRUD operations on an MS SQL 2012 DB.

I have a list of IDs called "ComputerIDs".

I want to run a query that deletes all records in the database where the ID is equal to one of the IDs in the list.

I have tried the following but it does not seem to work.

cursor.executemany("DELETE FROM Computer WHERE ID=%s", ComputerIDs)
pengz

2 Answers

0
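# Build one %s placeholder per ID; only the placeholder count goes into the SQL text
sql = 'DELETE FROM Computer WHERE ID IN (%s)'
inlist = ', '.join(map(lambda x: '%s', ComputerIDs))
sql = sql % inlist
# The ID values themselves are passed separately as parameters
cursor.execute(sql, ComputerIDs)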
Shijo
  • Thanks. I would rather not use lambda if possible. Are there any other possible solutions that are parameterized properly? Thanks! – pengz Jan 12 '17 at 16:59
0

I was able to resolve the issue.

query_string = "DELETE FROM Computer WHERE ID = %s"
cursor.executemany(query_string, ComputerIDs)

Can anyone tell me if this query is parameterized properly and safe from SQL injection?

pengz
  • 1
    http://stackoverflow.com/a/7929438/6626530 Refer to this answer to know more about SQL injection – Shijo Jan 12 '17 at 18:04
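
An added example, not code from either answer: a lambda-free way to build the `IN (...)` delete so that only the number of placeholders reaches the SQL text, with chunking and an empty-list case, plus a check that an injection-shaped ID is treated as plain data. Assumptions: the standard-library `sqlite3` module (with `?` placeholders) stands in for the MS SQL driver so it runs offline under Python 3, and `delete_by_ids`, `demo`, the chunk size and the table contents are constructed for illustration.

```python
import sqlite3

# Assumption: sqlite3 stands in for the MS SQL driver; it uses "?" placeholders,
# while drivers with the "format" paramstyle (as in the question) use "%s".
PLACEHOLDER = "?"
# Constructed chunk size; keep it below the server's per-statement parameter
# limit (SQL Server allows at most 2100 parameters).
MAX_PARAMS = 500


def delete_by_ids(conn, ids, chunk_size=MAX_PARAMS):
    """Delete Computer rows whose ID is in ids; return the number of rows deleted."""
    ids = list(ids)
    deleted = 0
    cur = conn.cursor()
    # An empty list skips the loop, so "IN ()" (a syntax error) is never sent.
    for start in range(0, len(ids), chunk_size):
        chunk = ids[start:start + chunk_size]
        # Only the *count* of placeholders depends on the input;
        # the ID values never become part of the SQL text.
        marks = ", ".join([PLACEHOLDER] * len(chunk))
        cur.execute("DELETE FROM Computer WHERE ID IN (%s)" % marks, tuple(chunk))
        deleted += cur.rowcount
    conn.commit()
    return deleted


def demo(ids, chunk_size=2):
    """Run delete_by_ids against a constructed 10-row table; return (deleted, remaining IDs)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Computer (ID TEXT PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Computer VALUES (?, ?)",
                     [(str(i), "pc%d" % i) for i in range(1, 11)])
    deleted = delete_by_ids(conn, ids, chunk_size=chunk_size)
    rows = conn.execute("SELECT ID FROM Computer ORDER BY CAST(ID AS INTEGER)")
    return deleted, [r[0] for r in rows]


if __name__ == "__main__":
    # Constructed input: two real IDs plus a string shaped like an injection attempt.
    print(demo(["2", "5", "1 OR 1=1"]))
```

If the hostile string had been concatenated into the statement instead of bound as a parameter, the `OR 1=1` would have become part of the `WHERE` clause; bound as a parameter it is compared as a literal ID and matches nothing.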