[Tutor] sqlite search syntax
Prasad, Ramit
ramit.prasad at jpmorgan.com
Fri Jan 18 22:15:04 CET 2013
Roger Shaw wrote:
>
> Hello,
> I am very new to python.
>
> Wrote a small program to use on my android phone using pickle/shelve to access data.
>
> That worked fine but I realised it would be better to use sqlite as a database to more easily modify the data.
>
> I haven't got a clue about sqlite, have a book but can't find the answer.
>
> My problem is this.
>
> I can access data by putting characters to search for into the program but I want it to be a variable string
> that I can search for.
>
> Specifically a couple of letters I input from keypad.
>
>
>
> At the moment this works to search for everything beginning with A
> sql = "SELECT * FROM plants WHERE genus LIKE 'A%'";
> cursor.execute(sql);
You should avoid the above style query if you ever get data from an
untrusted source (user/internet) as bad things (obligatory xkcd:
http://xkcd.com/327/ ) can happen. Instead, use parameterized queries which
will handle escaping the input.
sql = "SELECT * FROM plants where genus LIKE ?"
# Add wildcard to parameter, not the base query. The trailing comma makes
# the parameters a one-element tuple, which execute() requires.
cursor.execute(sql, (genus + '%',))
Using this notation, genus can hold one character or any amount.
> slt =cursor.fetchone();
> What I really need is to search for everything beginning with two letters from an input command.
>
> As in A is a variable that could be Bl or An or some other two letter combination
>
~Ramit
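
An added example (not part of the original email) that runs the prefix search from this thread against an in-memory database. It compares a concatenated query with the parameterized one, and goes one step beyond the reply by escaping the LIKE wildcards % and _, which parameter binding leaves active. The sample rows, the hostile input in the test and the function names are constructed for illustration; the plants table and genus column follow the post.

```python
import sqlite3

# Constructed sample data; table and column names follow the post.
ROWS = [("Abies", "alba"), ("Acer", "campestre"), ("Anemone", "nemorosa"),
        ("Blechnum", "spicant"), ("A%strange", "constructed")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plants (genus TEXT, species TEXT)")
    conn.executemany("INSERT INTO plants VALUES (?, ?)", ROWS)
    return conn


def search_concat(conn, prefix):
    """Input pasted into the SQL text: a quote in prefix rewrites the query."""
    sql = ("SELECT genus FROM plants WHERE genus LIKE '" + prefix +
           "%' ORDER BY genus")
    return [row[0] for row in conn.execute(sql)]


def search_param(conn, prefix):
    """Bound parameter: the input is always data, never SQL.
    The parameters must be a sequence, hence the one-element tuple; a bare
    string would be read as a sequence of single characters."""
    sql = "SELECT genus FROM plants WHERE genus LIKE ? ORDER BY genus"
    return [row[0] for row in conn.execute(sql, (prefix + "%",))]


def escape_like(text, esc="\\"):
    """Binding does not neutralise LIKE's own wildcards, so escape them.
    The escape character itself is handled first."""
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text


def search_literal(conn, prefix):
    """Prefix match where % and _ typed by the user are matched literally."""
    sql = ("SELECT genus FROM plants WHERE genus LIKE ? ESCAPE '\\' "
           "ORDER BY genus")
    return [row[0] for row in conn.execute(sql, (escape_like(prefix) + "%",))]
```
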