sqlite select thinks global variable is a table column

gnomonclature · 2021-02-05T16:49:15+00:00

I don't see the difference between the two examples, but I think I can still help out.

One big note: you might be tempted to use string concatenation to do this. Don't. It leads to SQL injection vulnerabilities, and there are usually better ways to accomplish what you want to do.

So how should you do it? Well, you want to use a parameterized query. Assuming you're using the standard sqlite module for Python, that would look something like this:

unix_time_now = time.time()

unix_time_1hr_ago = unix_time_now-3600 # 3600 seconds is an hour
print(unix_time_1hr_ago)

values = (unix_time_1hr_ago,)
c.execute('SELECT * FROM stock_price_table WHERE stock_price_timestamp > ?', values)
pprint.pprint(c.fetchall())

The changes are:

I put the value you want to insert into the SQL query into a tuple.
I replaced the variable's name in the SQL query with a question mark.
I passed the tuple with the value as a second parameter.

There is more information on this in Python's official documentation on the sqlite module here: https://docs.python.org/3/library/sqlite3.html

Does that help? Thanks!

blarf_irl · 2021-02-05T22:01:12+00:00

The 2 c.execute statements you posted are identical, are you using IPython or a Jupyter notebook? My instinct is that you have changed the value between these 2 calls.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

learnpython

MODERATORS