Imploding a list for use in a Python MySQL IN clause

by

Use the list_of_ids directly:

format_strings=",".join(['%s'] * len(list_of_ids))
cursor.execute("DELETE FROM foo.bar WHERE baz IN (%s)" % format_strings,
                tuple(list_of_ids))

That way you avoid having to quote yourself, and avoid all kinds of sql injection.

Note that the data (list_of_ids) is going directly to mysql’s driver, as a parameter (not in the query text) so there is no injection. You can leave any chars you want in the string, no need to remove or quote chars.

More Related Contents:

  1. Python read from txt and save into mysql
  2. Lost connection to MySQL server during query
  3. How to install Python MySQLdb module using pip?
  4. Does Python support MySQL prepared statements?
  5. How to convert SQL Query result to PANDAS Data Structure?
  6. How do I get the “id” after INSERT into MySQL database with Python?
  7. Escape string Python for MySQL
  8. How to install MySQLdb (Python data access library to MySQL) on Mac OS X?
  9. pip install mysqlclient returns “fatal error C1083: Cannot open file: ‘mysql.h’: No such file or directory
  10. Cannot return results from stored procedure using Python cursor
  11. How do I get a raw, compiled SQL query from a SQLAlchemy expression?
  12. Inserting a Python datetime.datetime object into MySQL
  13. MySQL — Joins Between Databases On Different Servers Using Python?
  14. How to retrieve SQL result column value using column name in Python?
  15. Using a Python dict for a SQL INSERT statement
  16. Bulk insert with SQLAlchemy ORM
  17. RuntimeError: working outside of application context
  18. Insert list into my database using Python [duplicate]
  19. Print the actual query MySQLdb runs?
  20. MySQL Improperly Configured Reason: unsafe use of relative path
  21. Python Pandas to_sql, how to create a table with a primary key?
  22. Speeding (Bulk) Insert into MySQL with Python
  23. MySQL Connector could not process parameters
  24. How do i cast char to integer while querying in django ORM?
  25. flake8 complains on boolean comparison “==” in filter clause
  26. How to use python mysqldb to insert many rows at once
  27. Using .aggregate() on a value introduced using .extra(select={…}) in a Django Query?
  28. django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: No module named MySQLdb
  29. ‘pip install MySQL-python’ fails with ‘IndexError’
  30. How to insert / retrieve a file stored as a BLOB in a MySQL db using python

Leave a Comment