0

I couldnot find this anywhere , so asking it here.

Say I have a query such as 

SELECT * from TABLE WHERE col in ('a', 'b', 'c', .......);

This data is provided by list of strings and it is quite huge with length more than 100. What is efficient way of parameter binding in such scenario.

I am currently doing 

'SELECT * from TABLE WHERE col in {0}'.format(str(tuple(LIST_OF_DATA)))

Another way I could think of is prepare a bind string with length of list such as ','.join(itertools.repeat("%s", len(LIST_OF_DATA))) and concatenate to query.

Is there any other way other than these to bind with in query a list of data ?

Gord Thompson
  • 107,466
  • 28
  • 191
  • 387
sagarchalise
  • 962
  • 7
  • 14
  • Don't use string formatting, it's an SQL injection risk. Did you research this? – roganjosh Oct 05 '18 at 18:44
  • I did look into documentation and did search for it. Obviously, I wouldn't go for formatting but couldn't find proper way to do this. I know the second process of preparing the bind data is better but I want to know if there is something better that I donot know of. – sagarchalise Oct 05 '18 at 18:52

0 Answers0