
Formatting sql %like%

I am trying to do the following query:

select count(*) from video where territories like %ZW%

Here is what I currently have, but it's raising an error:

for territory_code in ALL_TERRITORIES:
    sql = "select count(*) from video where territories like %{}%".format(territory_code)
    cursor.execute(sql)

What am I doing wrong here, and how would I properly escape the %%?

An even better way to do this is as follows:

sql = "select count(*) from video where territories like %s"
cursor.execute(sql, ('%' + territory + '%',))

With this approach, you will be able to parameterize your query without worrying about escapes and, more importantly, without worrying about security vulnerabilities.

To do this, you need a literal string with single quotes.

 select count(*) from video where territories like '%ZW%'

Maybe you can use simple quotes afterwards:

"select count(*) from video where territories like '%{}%'"

You are missing '' single quotes around the %%. Use this instead:

"select count(*) from video where territories like '%{}%'"
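
An added example (not from any of the posts above) comparing the quoted string-formatting query with the parameterized one on the same inputs. It assumes Python's built-in sqlite3 so it runs offline, which means the placeholder is ? rather than the %s used above; the table contents, the helper names and the wildcard-escaping step are constructed for illustration.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape LIKE wildcards so the term is matched literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def count_formatted(conn, code):
    # Quoted string formatting: the value becomes part of the SQL text.
    sql = "select count(*) from video where territories like '%{}%'".format(code)
    return conn.execute(sql).fetchone()[0]

def count_param(conn, code):
    # Bound parameter: the value is sent as data, never parsed as SQL.
    # sqlite3 uses ? as its placeholder; drivers such as MySQLdb use %s.
    sql = "select count(*) from video where territories like ? escape '\\'"
    return conn.execute(sql, ("%" + escape_like(code) + "%",)).fetchone()[0]

def make_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table video (id integer primary key, territories text)")
    conn.executemany("insert into video (territories) values (?)",
                     [("US,ZW,GB",), ("FR,DE",), ("ZW",), ("Z_W",)])
    return conn

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a normal code, a value containing quotes,
    # and a value that is itself a LIKE wildcard.
    for code in ["ZW", "' or '1'='1", "_"]:
        print(repr(code), "formatted:", count_formatted(conn, code),
              "parameterized:", count_param(conn, code))
```

With the formatted query, the value containing quotes rewrites the WHERE clause and every row is counted. A bare _ is treated as a wildcard unless it is escaped, which parameter binding alone does not do.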

The technical post webpages of this site follow the CC BY-SA 4.0 protocol.