2

I have one problem when i try to execute that simple request :

params['_filter_items'] = (12345)

sql = """ SELECT * FROM items
          WHERE items.items IN %(_filter_items)s"""
# session is a db session of sqlAlchemy
query = session.execute(sql % params)

it will generate : 

SELECT * FROM items
WHERE items.items IN 12345

without () when i have more than one item it's ok; i can touch the request; but i was wondered if there are another way to resolve it.

Anouar Mokhtari
  • 2,084
  • 4
  • 23
  • 23

3 Answers3

4

  • this object

    (12345)

    is the same as

    12345

    but it looks like you need tuple with single element 12345, it can be done with comma

    (12345,)

  • we should avoid inserting of parameters by ourselves:

    session.execute(sql % params)

    let's delegate this work to SQLAlchemy & database drivers and pass parameters as argument to execute:

    session.execute(sql, params)

try

params['_filter_items'] = (12345,)

sql = """ SELECT * FROM items
          WHERE items.items IN %(_filter_items)s"""
# session is a db session of sqlAlchemy
query = session.execute(sql, params)
Azat Ibrakov
  • 9,998
  • 9
  • 38
  • 50
0

Line of code params['_filter_items'] = (12345) resolves by Python interpreter into params['_filter_items'] = 12345. It means in your code (12345) it is int, not a tuple. To use a tuple you have to write params['_filter_items'] = (12345, ).

Dmitry
  • 2,026
  • 1
  • 18
  • 22
0

You should take a look at this SQLAlchemy in clause for a more secure way of doing this.

webjunkie
  • 1,184
  • 9
  • 19