Ufdjrw

How much radiation do nuclear physics experiments expose researchers to nowadays?

G-Code for resetting to 100% speed

Why don't the Weasley twins use magic outside of school if the Trace can only find the location of spells cast?

Why is "Captain Marvel" translated as male in Portugal?

Do I really need recursive chmod to restrict access to a folder?

Can a non-EU citizen traveling with me come with me through the EU passport line?

What is the correct way to use the pinch test for dehydration?

Did Kevin spill real chili?

What causes the vertical darker bands in my photo?

Models of set theory where not every set can be linearly ordered

How to bypass password on Windows XP account?

If 'B is more likely given A', then 'A is more likely given B'

How to recreate this effect in Photoshop?

Should I call the interviewer directly, if HR aren't responding?

Why does Python start at index -1 when indexing a list from the end?

Storing hydrofluoric acid before the invention of plastics

How to find all the available tools in macOS terminal?

When -s is used with third person singular. What's its use in this context?

How do I stop a creek from eroding my steep embankment?

When is phishing education going too far?

Do you forfeit tax refunds/credits if you aren't required to and don't file by April 15?

How to draw this diagram using TikZ package?

What is a Meta algorithm?

Can Pao de Queijo, and similar foods, be kosher for Passover?

Using sqlite3 DB-API multiple parameter substitution in SELECT statements

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

Given:

letters = list("abc")

I'd like to get all rows in characters that contain any of the letters in letters in their c column. I can do this, but only with python's string operations, which isn't suitable given it's vulnerabilities.

Ideally (my example is simplified) this would be using the GLOB clause.

E.g.

>>> cur.execute(**the statement here**)
>>> print(cur.fetchall())
>>> [('a',), ('b',), ('c',)]

Creation of the db:

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)

con = sqlite3.connect(":memory:")
cur = con.cursor()
cur.execute("create table characters(c)")

cur.executemany("insert into characters(c) values (?)", char_generator())

python sqlite3

share|improve this question

asked Mar 8 at 16:14

DaveDave

1158

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't think it's quite a dupe, but this question might help.
  
  – glibdud
  Mar 8 at 16:28
  

  
  
  
  

add a comment | 

0

Given:

letters = list("abc")

I'd like to get all rows in characters that contain any of the letters in letters in their c column. I can do this, but only with python's string operations, which isn't suitable given it's vulnerabilities.

Ideally (my example is simplified) this would be using the GLOB clause.

E.g.

>>> cur.execute(**the statement here**)
>>> print(cur.fetchall())
>>> [('a',), ('b',), ('c',)]

Creation of the db:

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)

con = sqlite3.connect(":memory:")
cur = con.cursor()
cur.execute("create table characters(c)")

cur.executemany("insert into characters(c) values (?)", char_generator())

python sqlite3

share|improve this question

asked Mar 8 at 16:14

DaveDave

1158

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't think it's quite a dupe, but this question might help.
  
  – glibdud
  Mar 8 at 16:28
  

  
  
  
  

add a comment | 

Given:

letters = list("abc")

I'd like to get all rows in characters that contain any of the letters in letters in their c column. I can do this, but only with python's string operations, which isn't suitable given it's vulnerabilities.

Ideally (my example is simplified) this would be using the GLOB clause.

E.g.

>>> cur.execute(**the statement here**)
>>> print(cur.fetchall())
>>> [('a',), ('b',), ('c',)]

Creation of the db:

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)

con = sqlite3.connect(":memory:")
cur = con.cursor()
cur.execute("create table characters(c)")

cur.executemany("insert into characters(c) values (?)", char_generator())

python sqlite3

share|improve this question

asked Mar 8 at 16:14

DaveDave

1158

letters = list("abc")

>>> cur.execute(**the statement here**)
>>> print(cur.fetchall())
>>> [('a',), ('b',), ('c',)]

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)

con = sqlite3.connect(":memory:")
cur = con.cursor()
cur.execute("create table characters(c)")

cur.executemany("insert into characters(c) values (?)", char_generator())

share|improve this question

asked Mar 8 at 16:14

DaveDave

1158

share|improve this question

asked Mar 8 at 16:14

DaveDave

1158

asked Mar 8 at 16:14

DaveDave

1158

asked Mar 8 at 16:14

DaveDave

1158

1 Answer
1

active

oldest

votes

1

Maybe this sample can help you.

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)


con = sqlite3.connect(":memory:")

def initdb():
 cur = con.cursor()
 cur.execute("create table characters(c)")

 cur.executemany("insert into characters(c) values (?)", char_generator())

def search(value):
 values = [c for c in value]
 cur = con.cursor()
 cur.execute('SELECT * FROM characters WHERE c IN (0)'.format(','.join(['?' for c in values])), values)
 return cur.fetchall()


if __name__ == '__main__':
 initdb()
 print(search("abcde"))

This code uses parameters. So you do not need to worry about SQL Injection.

share|improve this answer

answered Mar 8 at 17:03

andercruzbrandercruzbr

33619

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55067006%2fusing-sqlite3-db-api-multiple-parameter-substitution-in-select-statements%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

Maybe this sample can help you.

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)


con = sqlite3.connect(":memory:")

def initdb():
 cur = con.cursor()
 cur.execute("create table characters(c)")

 cur.executemany("insert into characters(c) values (?)", char_generator())

def search(value):
 values = [c for c in value]
 cur = con.cursor()
 cur.execute('SELECT * FROM characters WHERE c IN (0)'.format(','.join(['?' for c in values])), values)
 return cur.fetchall()


if __name__ == '__main__':
 initdb()
 print(search("abcde"))

This code uses parameters. So you do not need to worry about SQL Injection.

share|improve this answer

answered Mar 8 at 17:03

andercruzbrandercruzbr

33619

add a comment | 

1

Maybe this sample can help you.

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)


con = sqlite3.connect(":memory:")

def initdb():
 cur = con.cursor()
 cur.execute("create table characters(c)")

 cur.executemany("insert into characters(c) values (?)", char_generator())

def search(value):
 values = [c for c in value]
 cur = con.cursor()
 cur.execute('SELECT * FROM characters WHERE c IN (0)'.format(','.join(['?' for c in values])), values)
 return cur.fetchall()


if __name__ == '__main__':
 initdb()
 print(search("abcde"))

This code uses parameters. So you do not need to worry about SQL Injection.

share|improve this answer

answered Mar 8 at 17:03

andercruzbrandercruzbr

33619

add a comment | 

Maybe this sample can help you.

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)


con = sqlite3.connect(":memory:")

def initdb():
 cur = con.cursor()
 cur.execute("create table characters(c)")

 cur.executemany("insert into characters(c) values (?)", char_generator())

def search(value):
 values = [c for c in value]
 cur = con.cursor()
 cur.execute('SELECT * FROM characters WHERE c IN (0)'.format(','.join(['?' for c in values])), values)
 return cur.fetchall()


if __name__ == '__main__':
 initdb()
 print(search("abcde"))

This code uses parameters. So you do not need to worry about SQL Injection.

share|improve this answer

answered Mar 8 at 17:03

andercruzbrandercruzbr

33619

import sqlite3
import string

def char_generator():
 for c in string.ascii_lowercase:
 yield (c,)


con = sqlite3.connect(":memory:")

def initdb():
 cur = con.cursor()
 cur.execute("create table characters(c)")

 cur.executemany("insert into characters(c) values (?)", char_generator())

def search(value):
 values = [c for c in value]
 cur = con.cursor()
 cur.execute('SELECT * FROM characters WHERE c IN (0)'.format(','.join(['?' for c in values])), values)
 return cur.fetchall()


if __name__ == '__main__':
 initdb()
 print(search("abcde"))

share|improve this answer

answered Mar 8 at 17:03

andercruzbrandercruzbr

33619

answered Mar 8 at 17:03

andercruzbrandercruzbr

33619

answered Mar 8 at 17:03

andercruzbrandercruzbr

33619