
I could not find this anywhere, so asking it here.

Say I have a query such as

SELECT * from TABLE WHERE col in ('a', 'b', 'c', .......);

This data is provided by a list of strings and it is quite huge, with length more than 100. What is an efficient way of parameter binding in such a scenario?

I am currently doing

'SELECT * from TABLE WHERE col in {0}'.format(str(tuple(LIST_OF_DATA)))

Another way I could think of is prepare a bind string with length of list such as ','.join(itertools.repeat("%s", len(LIST_OF_DATA))) and concatenate to query.

Is there any other way other than these to bind with in query a list of data?

Gord Thompson
sagarchalise
  • Don't use string formatting, it's an SQL injection risk. Did you research this? – roganjosh Oct 05 '18 at 18:44
  • I did look into the documentation and did search for it. Obviously, I wouldn't go for formatting but couldn't find a proper way to do this. I know the second process of preparing the bind data is better but I want to know if there is something better that I do not know of. – sagarchalise Oct 05 '18 at 18:52

0 Answers
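The placeholder approach described in the question, as an added example that is not part of the original post: only the bind markers are generated from the list length, and the values travel separately as parameters. It assumes the standard-library sqlite3 driver and its "?" marker (a driver with the format paramstyle would use "%s" as in the question); the table demo, the helpers select_in and build_demo_db, and the MAX_PARAMS budget are hypothetical names chosen for the illustration.

```python
import sqlite3

# Assumed bind-variable budget per statement; older SQLite builds allow 999.
MAX_PARAMS = 900

def select_in(conn, values, chunk_size=MAX_PARAMS):
    """Return rows of demo whose col is in values, binding every value."""
    # Drop duplicates so a value split across chunks is not returned twice.
    values = list(dict.fromkeys(values))
    rows = []
    # An empty list yields no chunks, so "IN ()" (a syntax error) is never sent.
    for start in range(0, len(values), chunk_size):
        chunk = values[start:start + chunk_size]
        # Only "?" markers are interpolated into the SQL text, never the data.
        marks = ",".join("?" * len(chunk))
        sql = "SELECT id, col FROM demo WHERE col IN ({})".format(marks)
        rows.extend(conn.execute(sql, chunk).fetchall())
    return rows

def build_demo_db():
    """Constructed sample data: 300 plain values plus two containing quotes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE demo (id INTEGER PRIMARY KEY, col TEXT)")
    data = ["v{}".format(i) for i in range(300)] + ["O'Brien", "a', 'b"]
    conn.executemany("INSERT INTO demo (col) VALUES (?)", [(d,) for d in data])
    return conn

if __name__ == "__main__":
    conn = build_demo_db()
    wanted = ["v{}".format(i) for i in range(0, 300, 2)]  # 150 values
    print(len(select_in(conn, wanted, chunk_size=40)))
    # Quote characters stay data: this matches one literal string, not 'a' and 'b'.
    print(select_in(conn, ["a', 'b"]))
```

A one-element list also works here, whereas str(tuple(...)) renders it as ('a',) with a trailing comma that is not valid SQL.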