pyodbc – How to perform a select statement using a variable for a parameter

by

You are also able to parameterize statements:

...
cursor.execute("select * from Throughput where DeviceName = ?", data['DeviceName'])
...

This a better approach for the following reasons:

  • Protection against SQL injection (you should always validate user input regardless of whether parameterized or dynamic SQL is used)
  • You don’t have to worry about escaping where clause values with single quotes since parameters are passed to the database separately
  • SQL is prepared once, subsequent executions of the query use the prepared statement instead of recompiling

More Related Contents:

  1. PYODBC–Data source name not found and no default driver specified
  2. Get data from pandas into a SQL server with PYODBC
  3. pyodbc insert into sql
  4. How to see the real SQL query in Python cursor.execute using pyodbc and MS-Access
  5. python pandas to_sql with sqlalchemy : how to speed up exporting to MS SQL?
  6. pyodbc the sql contains 0 parameter markers but 1 parameters were supplied’ ‘hy000’
  7. Remote connection to MS SQL – Error using pyodbc vs success using SQL Server Management Studio
  8. How to make python create variables, without the user creating the variables?
  9. Check if input is empty
  10. What is the naming convention in Python for variable and function names?
  11. Python list doesn’t reflect variable change
  12. How can you print a variable name in python? [duplicate]
  13. What is the difference between class and instance variables?
  14. python class instance variables and class variables
  15. How to create a large pandas dataframe from an sql query without running out of memory?
  16. Passing table name as a parameter in psycopg2
  17. Getting the SQL from a Django QuerySet [duplicate]
  18. Two values from one input in python?
  19. Using a WHERE ___ IN ___ statement
  20. Django: Adding “NULLS LAST” to query
  21. return SQL table as JSON in python
  22. LEFT JOIN Django ORM
  23. Python, SQLAlchemy pass parameters in connection.execute
  24. How to log all sql queries in Django?
  25. How to get rows which match a list of 3-tuples conditions with SQLAlchemy
  26. Dynamic SQL Queries with Python and mySQL
  27. Why does foo = filter(…) return a , not a list? [duplicate]
  28. In Python, Using pyodbc, How Do You Perform Transactions?
  29. Connecting to SQL Server 2012 using sqlalchemy and pyodbc
  30. pyodbc.connect() works, but not sqlalchemy.create_engine().connect()

Leave a Comment