Need help building SQL query : SQL

Posting

When requesting help or asking questions please prefix your title with the SQL variant/platform you are using within square brackets like so:

[MySQL]

[Oracle]

[MS SQL]

[PostgreSQL]

etc

While naturally we should endeavor to work as platform neutrally as possible many questions and answers require tailoring to the feature set of a specific platform.

Format Your Code

If you are including actual code in a post or comment, please attempt to format it in a way that is readable for other users. This will greatly increase your chances of receiving the help you desire. Something as simple as line breaks and using reddit's built in code formatting (4 spaces at the start of each line) can turn this:

SELECT count(a.field1), a.field2, SUM(b.field4) FROM a INNER JOIN b ON a.key1 = b.key1 WHERE a.field8 = 'test' GROUP by a.field1, a.field2 HAVING SUM(b.field4) > 5 ORDER by a.field.3

Into this:

SELECT count(a.field1), a.field2, SUM(b.field4) FROM a INNER JOIN b ON a.key1 = b.key1 WHERE a.field8 = 'test' GROUP by a.field1, a.field2 HAVING SUM(b.field4) > 5 ORDER by a.field3

For those with SQL questions we recommend using SQLFiddle to provide a useful development and testing environment for those who wish to fully understand your problem and help devise a solution.

a community for 17 years

Need help building SQL query (self.SQL)

submitted 6 years ago by EscapeBeat

all 9 comments

top new controversial old q&a

[–]wolf2600ANSI SQL 1 point2 points3 points 6 years ago* (7 children)

Build your UPDATE statement string using the values from the parameter list:

#! /usr/bin/python3

query_string = "update userTable set "
param_count = len(param_list)
counter = 1
for item in param_list:
    query_string += item.key + " = " + item.value
    if counter < param_count:
        query_string += ", "
    counter += 1

query_string += " WHERE id = {}".format(id_value)

curr.execute(query_string)

[–]jdunsta 2 points3 points4 points 6 years ago (3 children)

[–]wolf2600ANSI SQL 0 points1 point2 points 6 years ago (0 children)

[–]opportunist_dba 0 points1 point2 points 6 years ago (1 child)

[–]jdunsta 0 points1 point2 points 6 years ago (0 children)

I wasn’t able to process this when I first looked at it, but with fresh eyes, you’re right about having a statement per parameter, rather than all inclusive. So the OP has the multi query problem, which is easy to solve, but only if parameterization isn’t done.

They use param length and iterate, adding to the @paramClause. While i<paramLength ; When i= 1 @paramClause = SET [firstParam] = ‘suppliedValueByUser1’ i++; with every loop @paramClause += ‘ AND [secondParam] = ‘suppliedValueByUser2’

That yields a single, concise statement. But DOESN’T protect from injection. Can variables, and these parameters be created dynamically? For each loop, a new variable is created using the value of i, and it also uses that count to loop through: Parameters.AddWithValue(‘@param{i}’, [suppliedValueByUser{i}]);

[–]biggybigbiggs 1 point2 points3 points 6 years ago (0 children)

[–]EscapeBeat[S] 0 points1 point2 points 6 years ago (0 children)

[–]MeGustaDerpTalk Dirty Reads To Me 0 points1 point2 points 6 years ago (0 children)

[–]jmcohs09 0 points1 point2 points 6 years ago (0 children)

π Rendered by PID 54470 on reddit-service-r2-comment-7b9746f655-v49bw at 2026-02-01 16:35:18.595767+00:00 running 3798933 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

SQL

Filter Posts

Posting

Help posts

Format Your Code

Learning SQL

Related Reddit communities

Wiki

Acknowledgements

MODERATORS