I want to write an SQL openquery in Python. The normal SQL queries I was writing were like:
sql_query = "select name from emp where id= %s"
And I was executing it like: cursor.execute(sql_query, (id_value,))
And it works well.
But now I have an openquery which is something like:
sql_query = "select * from openquery([LS], 'select name from \"DB\".\"view\" where \"id\" Like %s')"
If I execute with: cursor.execute(sql_query, (id_value,))
I will get an error saying:
SQL contains 0 parameter markers but 1 parameter is supplied.
I understand this error is coming because %s is specified inside a single-quoted query. But I can't remove those single quotes because the query does not work without them in SQL Server itself.
I have tried to run the query with:
cursor.execute(sql_query % (id_value))
And it works. But I don't want to use this because this format is prone to SQL injection.
So, how can I write a secure parameterized openquery in Python?
Please remove the extra comma (",") in the parameter block after "id_value":
sql_query = "select * from openquery([LS], 'select name from \"DB\".\"view\" where \"id\" Like %s')"
cursor.execute(sql_query, (id_value))
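One way to keep the value bound instead of formatted into the string, as an added example that is not part of the original question or answer: OPENQUERY only accepts a string literal, so the driver never sees a marker inside it, but T-SQL's EXEC (...) AT form takes a pass-through query with ? placeholders and bound values. This assumes a qmark-style driver such as pyodbc and a linked server with RPC Out enabled; count_markers, build_passthrough, fetch_names and the @v nvarchar(200) variable are hypothetical names chosen here.

```python
import re

# The remote statement is a constant written by the developer. [LS], "DB",
# "view" and "id" come from the question; everything else is constructed.
REMOTE_SQL = 'select name from "DB"."view" where "id" like ?'

def count_markers(sql, marker="?"):
    """Count parameter markers outside single-quoted literals, which is
    what the driver sees. '' inside a literal is an escaped quote."""
    count, in_literal, i = 0, False, 0
    while i < len(sql):
        if sql[i] == "'":
            if in_literal and sql[i + 1:i + 2] == "'":
                i += 2                  # escaped quote, still inside the literal
                continue
            in_literal = not in_literal
        elif not in_literal and sql.startswith(marker, i):
            count += 1
            i += len(marker)
            continue
        i += 1
    return count

def build_passthrough(linked_server, remote_sql):
    """Return T-SQL that sends remote_sql to the linked server with one
    bound value. Identifiers cannot be bound, so the server name is
    allow-listed; remote_sql must be a constant, never user input."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", linked_server):
        raise ValueError("unexpected linked server name")
    literal = remote_sql.replace("'", "''")  # embed as a T-SQL string literal
    return (
        "DECLARE @v nvarchar(200) = ?; "      # the only marker the driver sees
        f"EXEC ('{literal}', @v) AT [{linked_server}];"
    )

def fetch_names(cursor, id_value):
    """Run on a live DB-API cursor (assumed qmark style, e.g. pyodbc)."""
    cursor.execute(build_passthrough("LS", REMOTE_SQL), (id_value,))
    return cursor.fetchall()
```

The ? inside the quoted remote statement is filled by SQL Server from @v when it forwards the query, so the user-supplied value never becomes part of any SQL text.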