give parameter(list or array) to in operator - python, sql [duplicate]

Asked 10/1, 2015 at 23:45 Answered 1/7, 2020 at 21:46

I have a list in python.

article_ids = [1,2,3,4,5,6]

I need to use this list in sql statement like this :

SELECT id FROM table WHERE article_id IN (article_ids)

How can I provide this list to my IN() clause?

I have already try some ways which I googled, but I couldn't figure it out.

>> print ids_list
    placeholders= ', '.join('?'*len(ids_list))  # "?, ?, ?, ... ?"
    query = 'SELECT article_id FROM article_author_institution WHERE institution_id IN ({})'.format(placeholders)
    print query
    cursor.execute(query, ids_list)

Error message I get:

SELECT article_id FROM article_author_institution WHERE institution_id IN (?)
     query = query % db.literal(args)
    TypeError: not all arguments converted during string formatting

For example for:

ids_list = [9,10]

placeholders= ', '.join('%'*len(ids_list))  # "?, ?, ?, ... ?"
query = 'SELECT aid FROM article_author_institution WHERE instid IN ({})'.format(placeholders)
print query
cursor.execute(query, ids_list)

The output and error message are:

SELECT aid FROM article_author_institution WHERE instid IN (%, %)
Traceback (most recent call last):
  File "deneme3.py", line 11, in <module>
    cursor.execute(query, ids_list)
  File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 159, in execute
    query = query % db.literal(args)
ValueError: unsupported format character ',' (0x2c) at index 61

Antivenin answered 10/1, 2015 at 23:45 Comment(0)

The idea is to have a query like this one:

cursor.execute("SELECT ... IN (%s, %s, %s)", (1, 2, 3))

where each %s will be substituted by elements in your list. To construct this string query you can do:

placeholders= ', '.join(['%s']*len(article_ids))  # "%s, %s, %s, ... %s"
query = 'SELECT name FROM table WHERE article_id IN ({})'.format(placeholders)

finally

cursor.execute(query, tuple(article_ids))

Venlo answered 10/1, 2015 at 23:58 Comment(7)

Not work again, i editted and put the output and my code to the question. If you check and help, i will appreciated – Antivenin 11/1, 2015 at 0:35

Are you using sqlite? What DB are you using? What python driver? – Venlo 11/1, 2015 at 0:52

Db is mysql , python version is 2.7 – Antivenin 11/1, 2015 at 1:1

Which module are you using to access the DB from python? – Venlo 11/1, 2015 at 1:5

Thats the problem, I assumed Sqlite, in MySQL we need %s instead of ?. Please try my updated answer. – Venlo 11/1, 2015 at 1:24

You made a small mistake copying the code, in placeholders= line, replace '%' with ['%s'], or copy paste directly from answer. – Venlo 11/1, 2015 at 1:52

thank you to the question poster and this answer! – Orelle 11/2, 2022 at 15:36

I think the right option is to use tuples data structure. Hope below code helps you.

article_ids = [1,2,3,4,5,6]
ids = tuple(article_ids)
query = "SELECT name FROM table WHERE article_id IN {}".format(ids)
cursor.execute(query)

Clubfoot answered 1/7, 2020 at 21:46 Comment(7)

I honestly feel like this is the best, cleanest answer. Not sure why I'm the only upvote ... 🤔 – Magritte 19/11, 2020 at 15:28

cleanest answer! thank you – Impertinent 29/3, 2021 at 12:42

Thank you, Andrew Einhorn & Hanan Atallah – Clubfoot 30/3, 2021 at 10:47

This solution is prone to sql injection attacks. The accepted answer is the safest way to do it. – Crowther 19/7, 2021 at 10:13

Jp Reddy thanks for this clarification! – Orelle 11/2, 2022 at 15:37

You will get a syntax error if the list has only 1 item, this is because Python will convert the tuple like this (1,) ... so the comma will cause a syntax error in the database statement – Pallid 14/2, 2022 at 9:28

@AndrewEinhorn that's a SQL injection bug, not a clean answer. – Frankenstein 14/12, 2023 at 16:56

For Python3 you can use

article_ids = [1,2,3,4,5,6]
sql_list = str(tuple([key for key in article_ids])).replace(',)', ')')
query ="""
    SELECT id FROM table WHERE article_id IN {sql_list}
""".format(sql_list=sql_list)

resulting in

>>> print(query)

    SELECT id FROM table WHERE article_id IN (1, 2, 3, 4, 5, 6)

which you can feed to

cursor.execute(query)

This also works for article_ids of only 1 value (where tuple generates (1,)).

It also works for arrays of strings:

article_titles = ['some', 'article titles']

resulting in

    SELECT id FROM table WHERE article_title IN ('some', 'article titles')

Goral answered 25/6, 2020 at 12:29 Comment(4)

str(tuple([key for key in article_ids])).replace(',)', ')') saved me a lot of time. thanks! – Maharanee 6/1, 2021 at 15:50

This method is also prone to SQL injection attacks – Bhatt 18/3, 2022 at 19:18

Can you explain the .format(sqllist=sqllist) at the end of the query please? – Righteous 27/4, 2023 at 14:35

.format(sql_list=sql_list) means replace the string {sql_list} in the query in line 4 with the value of sql_list as set in line 2. – Goral 28/4, 2023 at 15:37

Recommended topics

Hot tags