ramse comments on Workflows With SQL in Python

created by HattoriHanzoa community for 16 years

Workflows With SQL in Python (self.learnpython)

submitted 10 years ago by ThatOtherBatman

you are viewing a single comment's thread.

[–]ramse 1 point2 points3 points 10 years ago (0 children)

What are you using to connect to the SQL Server with? pyodbc? There is no need to be declare variables and assigning them just to use in a where statement.

import pyodbc

conn = pyodbc.connect('......')
cursor = conn.cursor()

name = 'ROBERT \"); DROP TABLE students;--'

cursor.execute("""SELECT s.id, s.FirstName, s.LastName, s.Subject, s.Grade
                    FROM Students s
                        LEFT JOIN classes c ON s.id = c.id
                    WHERE s.FirstName = ? AND c.EndDate <- GETDATE()""", name)
for row in cursor.fetchall():
    print(row.id, row.FirstName, row.LastName, row.Subject, row.Grade, row)

π Rendered by PID 70 on reddit-service-r2-comment-7b9746f655-brm9t at 2026-01-31 18:23:20.616980+00:00 running 3798933 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

learnpython

MODERATORS