pyodbc - How to perform a select statement using a variable for a parameter
You are also able to parameterize statements:
...cursor.execute("select * from Throughput where DeviceName = ?", data['DeviceName'])...
This is a better approach for the following reasons:
- Protection against SQL injection (you should always validate user input regardless of whether parameterized or dynamic SQL is used)
- You don't have to worry about escaping where clause values with single quotes since parameters are passed to the database separately
- SQL is prepared once, subsequent executions of the query use the prepared statement instead of recompiling
I don't know if my problem is similar to yours or not, but my problem was because I had written a query like
WHERE date > ?" "OR date NOT LIKE '9%'
and I'd forgotten to put a simple space (' ') either at the end of the 1st line or the end of the 2nd one. Finally I resolved it just by doing this. And the final code looks like:
WHERE date > ? " "OR date NOT LIKE '9%'
Note: pay attention to the final ' ' at the end of the 1st line.
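
The two answers above, as an added example that is not code from either poster: the dynamic and parameterized forms of the `Throughput` lookup side by side, plus a check for the missing-space problem in a multi-line query. Assumptions: `sqlite3` stands in for pyodbc so the block runs offline (both use `?` placeholders), the table rows are constructed, and `fused_placeholders` is a hypothetical helper.

```python
import re
import sqlite3

# Assumption: sqlite3 stands in for pyodbc so the block runs offline; both are
# DB-API drivers that use "?" (qmark) placeholders. All rows are constructed.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Throughput (DeviceName TEXT, date TEXT)")
    conn.executemany("INSERT INTO Throughput VALUES (?, ?)", [
        ("router-a", "2021-03-01"),
        ("lab's-switch", "2021-03-02"),   # legitimate name containing a quote
        ("core-b", "2021-03-03"),
    ])
    return conn

def lookup_dynamic(conn, name):
    # Dynamic SQL: the value is spliced into the statement text itself.
    sql = "select * from Throughput where DeviceName = '" + name + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error: %s" % exc

def lookup_parameterized(conn, name):
    # Parameterized: the value is passed separately and is only ever data.
    sql = "select * from Throughput where DeviceName = ?"
    return conn.execute(sql, (name,)).fetchall()

def fused_placeholders(sql):
    # Hypothetical helper (heuristic): flag a "?" that runs straight into the
    # next word, as happens when adjacent string literals lack a space.
    return re.findall(r"\?[A-Za-z_]\w*", sql)

BROKEN = ("select * from Throughput WHERE date > ?"
          "OR date NOT LIKE '9%'")
FIXED = ("select * from Throughput WHERE date > ? "
         "OR date NOT LIKE '9%'")

if __name__ == "__main__":
    db = make_db()
    for value in ("lab's-switch", "x' OR '1'='1"):
        print(repr(value), lookup_dynamic(db, value), lookup_parameterized(db, value))
    print(fused_placeholders(BROKEN), fused_placeholders(FIXED))
```

With the dynamic form, a name containing a quote breaks the statement and a crafted value changes the WHERE clause; the parameterized form treats both as plain data.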