stackoom
  简体   繁体   中英

Dynamically Generating SQL Queries with Python and SQLite3

 原文  2013-09-07 14:35:10       python/ sql/ sqlite

Question

Below is a generalisation of my problem:

Consider the table 

    ID    A    B    C
r1  1     1    0    1
.   .     .    .    .
.   .     .    .    .
.   .     .    .    .
rN  N     1    1    0

Where the columns A,B,C contain either 0 or 1 . I am trying to write a python function that takes a list of permutations of 0 's and 1 's, generates a query that will passed to SQLite3 that then counts the number of records that have A,B,C in one of these permutations.

For example if I passed the following list to my function permList = [[1,0,1],[1,0,0]] , then it would count all records with the [A,B,C] combination as either [1,0,1] or [1,0,0] .

Currently I am doing it like this 

def permCount(permList):
    SQLexpression = "SELECT Count(*) FROM Table WHERE "

    for i in range(len(permList)):
        perm = permList[i]
        SQLexpression += "(A=" + str(perm[0]) + " AND B=" + str(perm[1]) + 
                      " AND C=" + str(perm[2]) + ")"
        if i!=len(permList)-1:
            SQLexpression += " OR "

    *Execute SQLexpression and return answer*

Now this is fine but it seems like a bit of a fiddle. Is there a better way to dynamically generate the SQL queries where the length of input permList is unknown?

2 answers

solution1
 11 ACCPTED  2013-09-07 14:45:24

def permCount(permList):
    condition = ' OR '.join(['(A=? AND B=? AND C=?)' 
                             for row in permList])
    sql = "SELECT Count(*) FROM Table WHERE {c}".format(
        c=condition)
    args = sum(permList, [])
    cursor.execute(sql, args)

Use parametrized SQL . That means instead of inserting the values with string formatting, use placemarkers (eg ? ), and then supply the arguments as the second argument to cursor.execute .

This is easier code and prevents SQL injection .

solution2
 1  2013-09-07 15:25:06

Try these changes in your main for loop, to make use of pythons generators and list comprehension features. 

def permCount(permList):

SQLexpression = "SELECT Count(*) FROM Table WHERE "

for perm in permList:    # if you need the i for other reason, you could write:
                         # for i, perm in enumerate(permList)

    a, b, c = [str(_) for _ in perm]

    SQLexpression += "(A=" + a + " AND B=" + b + \
                  " AND C=" + c + ") OR "

SQLexpression = SQLexpression[:-4] + ";"   # Trim the last " OR "

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Python sqlite3 extra character in queries result python sqlite3 execute multiple select queries Using sqlite3 queries in python functions Is the Python sqlite3 module bugged and slow when it comes to SQL queries that start with comments? Python sqlite3 how to dynamically search for null SQLite3 Queries SQL strftime with python and sqlite3 returns None Is this Python code vulnerable to SQL injection? (SQLite3) Translating a complicated SQL query to python 2 for SQLite3 Python: T-SQL EQuivalent for Sqlite3?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM