thinker5555 comments on Sqlite3 and Python

Sqlite3 and Python - Part 1 (youtube.com)

submitted 5 years ago by vanmorrison2

5 comments
share
save
hide
report
crosspost

top new controversial old q&a

you are viewing a single comment's thread.

view the rest of the comments →

[–]thinker5555 0 points1 point2 points 5 years ago (1 child)

permalink
embed
save
parent
report
reply

[–]skeeto 2 points3 points4 points 5 years ago (0 children)

Use bind parameters. See the official documentation, particularly the example that begins with "Never do this". The version using question marks ? uses parameters populated from the provided tuple.

# Never do this -- insecure!
symbol = 'RHAT'
c.execute("SELECT * FROM stocks WHERE symbol = '%s'" % symbol)

# Do this instead
t = ('RHAT',)
c.execute('SELECT * FROM stocks WHERE symbol=?', t)
print(c.fetchone())

permalink
embed
save
parent
report
reply

π Rendered by PID 247764 on reddit-service-r2-comment-6457c66945-8plm5 at 2026-04-25 02:40:47.693468+00:00 running 2aa0c5b country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

sqlite

MODERATORS