What does “:” stand for in a query? A bind variable. Bind variables allow a single SQL statement (whether a query or DML) to be re-used many times, which helps security (by disallowing SQL injection attacks) and performance (by reducing the amount of parsing required). How does it fetch the desired value? Before a query … Read more
You are misusing the binding. There are three different ways of binding variables with cx_Oracle as one can see here : 1) by passing a tuple to a SQL statement with numbered variables : sql = “select * from sometable where somefield = :1 and otherfield = :2” cur.execute(sql, (aValue, anotherValue)) 2) By passing keyword … Read more
Beware of using string interpolation for SQL queries, since it won’t escape the input parameters correctly and will leave your application open to SQL injection vulnerabilities. The difference might seem trivial, but in reality it’s huge. Incorrect (with security issues) c.execute(“SELECT * FROM foo WHERE bar = %s AND baz = %s” % (param1, param2)) … Read more