tags:

views:

1293

answers:

5
+2  Q: 

Automagically expanding a Python list with formatted output

Does anyone know if there's a way to automatically expand a list in Python, separated by commas? I'm writing some Python code that uses the MySQLdb library, and I'm trying to dynamically update a list of rows in a MySQL database with certain key values.

For instance, in the code below, I'd like to have the numeric values in the record_ids list expand into a SQL "IN" clause.

import MySQLdb
record_ids = [ 23, 43, 71, 102, 121, 241 ]

mysql = MySQLdb.connect(user="username", passwd="secret", db="apps")
mysql_cursor = mysql.cursor()

sqlStmt="UPDATE apps.sometable SET lastmod=SYSDATE() where rec_id in ( %s )"

mysql_cursor.execute( sqlStmt, record_ids )
mysql.commit()

Any help would be appreciated!

+10  A: 

try:

",".join( map(str, record_ids) )

",".join( list_of_strings ) joins a list of string by separating them with commas

if you have a list of numbers, map( str, list ) will convert it to a list of strings

hasen j  2008-11-24 22:06:59
Thanks, this did the trick!
m0j0  2008-11-24 22:23:19
+2  A: 

Further to the given answers, note that you may want to special case the empty list case as "where rec_id in ()" is not valid SQL, so you'll get an error.

Also be very careful of building SQL manually like this, rather than just using automatically escaped parameters. For a list of integers, it'll work, but if you're dealing with strings received from user input, you open up a huge SQL injection vulnerability by doing this.

Brian  2008-11-24 22:53:27
+1 Please Use Bind Variables. http://stackoverflow.com/questions/1973/what-is-the-best-way-to-avoid-sql-injection-attacks
S.Lott  2008-11-24 23:10:36
This will only be reading data from a database and updating data. It will never be using data entered from the Internet.
m0j0  2008-11-24 23:14:24
Careful: lots of data in databases is ultimately entered by users. Even if your case is perfectly safe, some later corder with a similar problem may decide to copy existing code. It's a good idea to care about these things even when its safe. Better to reinforce and exhibit good habits than bad.
Brian  2008-11-25 09:42:39
+1  A: 

I do stuff like this (to ensure I'm using bindings):

sqlStmt=("UPDATE apps.sometable SET lastmod=SYSDATE() where rec_id in (%s)"
    % ', '.join(['?' for n in record_ids]))

mysql_cursor.execute(sqlStmt, record_ids)
mysql.commit()

This works for all dynamic lists you want to bind without leaving you susceptible to SQL injection attacks.

Dustin  2008-11-24 23:09:46
I don't think question marks work for MySQL bindings.
m0j0  2008-11-25 15:26:32
That is the downside of python's DB API. I've done the above for sqlite and postgres, but it's up to the driver to decide how bindings work. The same principle applies, though. Generate bindings, and feed in the data.
Dustin  2008-11-25 18:26:14
A: 

Slightly different alternative to Dustin's answer:

sqlStmt=("UPDATE apps.sometable SET lastmod=SYSDATE() where rec_id in (%s)"
    % ', '.join(['?' * len(record_ids])))
Dave  2008-11-25 18:11:38
That doesn't expand properly, but this does: ', '.join('?' * len(record_ids)) -- I kind of like that, though it feels slightly wrong.
Dustin  2008-11-25 18:28:24
A: 

Alternitavely, using replace:

sqlStmt="UPDATE apps.sometable SET lastmod=SYSDATE() where rec_id in " +
    record_ids.__str__().replace('[','(').replace(']',')')
Joao  2010-06-30 05:14:17

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL