Add quotes to every list element
I\'m very new to python. I need a simple and clear script to add quotes to every list elements. Let me explain more. Here is the my code.
parameters = [\'a\'
-
As you asked it, use this:
parameters = ['a', 'b', 'c'] ', '.join(map(lambda x: "'" + x + "'", parameters))Since you're creating an SQL query, please use your database library's features regarding input sanitation (example for mysqldb). You don't want to end up with an issue like Bobby Tables.
讨论(0) -
A naive solution would be to iterate over your
parameterslist and append quotes to the beginning and end of each element:(', '.join('"' + item + '"' for item in parameters))Note: this is vulnerable to SQL injection (whether coincidental or deliberate). A better solution is to let the database quote and insert these values:
query = "SELECT * FROM foo WHERE bar IN (%s)" % ','.join('?' * len(params)) cursor.execute(query, params)It's easier to read and handles quoting properly.
讨论(0) -
In general (ignoring SQL)
In [3]: print(' '.join('"%s"' % x for x in ['a', 'b'])) "a" "b"讨论(0) -
For simple parameters, the following should work:
query = "SELECT * FROM foo WHERE bar IN %s" % repr(tuple(map(str,parameters)))This may break down when the parameter names themselves include quotes, as the escaping rules are different.
讨论(0)
加载中...
- 热议问题