Using prepared statements with mysql in python

Question

I am trying to use SQL with prepared statements in Python. Python doesn\'t have its own mechanism for this so I try to use SQL directly:

sql = \"PREPARE stm         


        

Answer 1

Python does support prepared statements:

sql = "INSERT INTO {} (date, time, tag, power) VALUES (%s, %s, %s, %s);"
sql = sql.format(self.db_scan_table)
self.cursor.execute(sql, (d, t, tag, power))

(You should ensure self.db_scan_table is not vulnerable to SQL injection)

This assumes your paramstyle is 'format', which it should be for MySQL.