14

我正在尝试以...的形式执行查询

SELECT col2 FROM tab WHERE col1 IN (val1, val2, val3...)

...其中值存储在任意长度的 Python 列表/元组中。我似乎找不到一种“干净”的方式来做到这一点。

>>> db = connect(":memory:")
>>> db.execute("CREATE TABLE tab (col1 INTEGER, col2 TEXT)")
>>> db.execute("INSERT INTO tab VALUES(1,'one')")
>>> db.execute("INSERT INTO tab VALUES(2,'two')")
>>> db.execute("INSERT INTO tab VALUES(3,'three')")
>>> db.execute("INSERT INTO tab VALUES(4,'four')")
>>> db.execute("INSERT INTO tab VALUES(5,'five')")
>>> db.commit()

# Expected result
>>> db.execute("SELECT col2 FROM tab WHERE col1 IN (1,3,4)").fetchall()
[(u'one',), (u'three',), (u'four',)]

>>> vals = (1,3,4)

>>> db.execute("SELECT col2 FROM tab WHERE col1 IN (?)", vals).fetchall()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 1, and there are 3 supplied.

>>> db.execute("SELECT col2 FROM tab WHERE col1 IN (?)", (vals,)).fetchall()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
sqlite3.InterfaceError: Error binding parameter 0 - probably unsupported type.

>>> db.execute("SELECT col2 FROM tab WHERE col1 IN (?)", (','.join(str(val) for val in vals),)).fetchall()
[]

>>>

现在我可以执行以下操作,(我认为......如果我错了请纠正我)保留了内置参数替换的安全性,但它仍然有点难看:

>>> db.execute("SELECT col2 FROM tab WHERE col1 IN (" + ",".join("?"*len(vals)) + ")", vals).fetchall()
[(u'one',), (u'three',), (u'four',)]
>>>

这是我最好的选择,还是有更好的解决方法?

4

2 回答 2

8

这是您最好的选择,无需使用额外的库。我过去当然不止一次地提倡过这种技术

你也可以改用 SQLAlchemy,它会为你生成 SQL,但这需要你爬上它的学习曲线并重写你的大部分应用程序。

于 2013-02-23T14:25:51.313 回答
2

一个简单而干净的解决方案是:

vals = [1,3,4]
cursor.execute('SELECT col2 FROM tab WHERE col1 IN {}'.format(str(tuple(vals))
于 2018-04-22T11:55:25.470 回答