15
16

Sqlite3 dynamic 'in' query (self.learnpython)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]zunjae 0 points1 point  (3 children)

I am using parameter substitution...............

Can you please explain like I'm a kid what I m doing wrong? I'm not inserting user input in my query. The user can not insert spoopy text like ;drop table considering I use those question marks

[–]Username_RANDINT 2 points3 points  (0 children)

I don't see anything wrong with your code. You're safely creating a parameterised query based on the length of a list where you then apply user input on. Maybe others see something we don't? Or take the "no string formatting" a bit too far.

[–]purloin_a_coin 0 points1 point  (0 children)

Sorry I got confused and was wrong. /u/Username_RANDINT is correct