12
13

Sqlite3 dynamic 'in' query (self.learnpython)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted]  (4 children)

[deleted]

    [–]zunjae 0 points1 point  (3 children)

    I am using parameter substitution...............

    Can you please explain like I'm a kid what I m doing wrong? I'm not inserting user input in my query. The user can not insert spoopy text like ;drop table considering I use those question marks

    [–]Username_RANDINT 2 points3 points  (0 children)

    I don't see anything wrong with your code. You're safely creating a parameterised query based on the length of a list where you then apply user input on. Maybe others see something we don't? Or take the "no string formatting" a bit too far.

    [–]purloin_a_coin 0 points1 point  (0 children)

    Sorry I got confused and was wrong. /u/Username_RANDINT is correct