Postgres Pro
Downloads
Home   >   mailing lists

Re: Unpacking a Python list in a query. - Mailing list psycopg

From David Niergarth
Subject Re: Unpacking a Python list in a query.
Date
Msg-id BANLkTinV5UoDcxxwkiNRp3XOJGfcUwPuLg@mail.gmail.com
Whole thread Raw
In response to Re: Unpacking a Python list in a query.  (Israel Ben Guilherme Fonseca <israel.bgf@gmail.com>)
List psycopg
Tree view
Actually, a list or a tuple will work just fine.

  >>> cursor.execute("UPDATE foobartable SET name = %s where name = %s;", ['Ham', 'HAM'])

  >>> cursor.execute("UPDATE foobartable SET name = %s where name = %s;", ('Spam', 'SPAM'))

It's string interpolation (which you want to avoid in cursor.execute()) that requires a list.

>>> '%s %s' % ('spam', 'eggs')
'spam eggs'

  >>> '%s %s' % ['spam', 'eggs']
  Traceback (most recent call last):
    File "<console>", line 1, in <module>
  TypeError: not enough arguments for format string

You can also use a dictionary.

  >>> cursor.execute("UPDATE foobartable SET name = %(new_name)s where name = %(old_name)s;", dict(new_name='Eggs', old_name='EGGS'))

--David

On Fri, Jun 24, 2011 at 2:25 PM, Israel Ben Guilherme Fonseca <israel.bgf@gmail.com> wrote:
"UPDATE foobartable SET name = 'FooBar' WHERE name in (%s)"

And pass your list as a parameter (it must be a tuple).

execute("UPDATE foobartable SET name = 'FooBar' WHERE name in (%s)", (tuple(yourlist),))

That should work.


2011/6/24 Sukhbir Singh <singheinstein@gmail.com>
Hi,

I am using the psycopg2 adapter on Python 2.6.

There was a requirement to automate certain UPDATE queries, so I
designed the program in such a way that the end of the queries are in
a list. I will illustrate with an example.

The query is:

    UPDATE foobartable SET name = 'FooBar' WHERE name = %s OR name = %s

And say I have a list:

    ["Foo", "Bar"]

So, I want to execute the complete query as: substituting element by
element from the list for each %s:

   UPDATE foobartable SET name = 'FooBar' WHERE name = 'Foo' OR name = 'Bar'

The question is: how do I pass this list to the query?

I tried using the format method and list unpacking (*list) and it
works. But the docs recommend otherwise: "Warning Never, never, NEVER
use Python string concatenation (+) or string parameters interpolation
(%) to pass variables to a SQL query string. Not even at gunpoint"
This is what I did:

   curr.execute("UPDATE foobartable SET name='FooBar' WHERE
name='{0}' or name='{1}';".format(*list))

... which I am certain is wrong.

How can I get this working with something safe and the recommended way
of doing it?

--
Sukhbir.

--
Sent via psycopg mailing list (psycopg@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/psycopg


psycopg by date:

Previous
From: Sukhbir Singh
Date:
Subject: Re: Unpacking a Python list in a query.
Next
From: Israel Ben Guilherme Fonseca
Date:
Subject: Re: Unpacking a Python list in a query.