
I'm trying to select data from one table, and perform a query on another table using the returned values from the first table.

Both tables are case-sensitive, and of type utf8-bin.

When I perform my first select, I am returned a tuple of binary values:

query = """SELECT id FROM table1"""
results = (b'1234', b'2345', b'3456')

I'd then like to perform a query on table2 using the ids returned from table1:

query = """SELECT element FROM table2 WHERE id IN (%s) """ % results

Is this the right way to do this?

  • Absolutely not, your values added with % are not escaped and are not guaranteed to work (not to mention the injection vulnerability). Commented Jul 8, 2014 at 14:34
  • What mysql library are you using? Commented Jul 8, 2014 at 14:36
  • Mysql.connector. I tried parameterizing the query but I get an error that I can't parameterize a tuple. Trying to find a way to do these 2 queries without processing the data in between. Thanks Commented Jul 8, 2014 at 14:38

1 Answer

You need to create the query so that it can be properly parameterized:

query = """SELECT element FROM table2 WHERE id IN (%s) """ % ",".join(['%s'] * len(results))

This will transform the query to:

query = """SELECT element FROM table2 WHERE id IN (%s,%s,%s) """

Then you can just pass query and results to the execute() (or appropriate) method so that results are properly parameterized.


2 Comments

Thanks, this works. Is there any performance downside to doing this?
@ensnare A performance downside you could encounter would be if you had 1000+ IDs because the query would have id IN (%s, %s, ... repeated 1000+ times) which could be large, but that could be solved with batching if it is an issue.
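A runnable version of the answer's placeholder-building approach, plus the batching suggested in the comment above. This is an added example, not code from the question or answer: it uses an in-memory sqlite3 table (placeholder "?") as a stand-in for the MySQL table, since mysql.connector uses "%s" and needs a live server; the table name, column names and sample rows are constructed.

```python
import sqlite3
from typing import Sequence


def build_in_query(values: Sequence, placeholder: str = "%s"):
    """Build the answer's IN (...) query: one placeholder per value, with the
    values returned separately so the driver binds and escapes them.
    placeholder is "%s" for mysql.connector and "?" for sqlite3."""
    if not values:
        # "id IN ()" is a syntax error in MySQL; handle the empty case before querying.
        raise ValueError("no ids to query")
    marks = ",".join([placeholder] * len(values))
    return f"SELECT element FROM table2 WHERE id IN ({marks})", tuple(values)


def fetch_elements(conn, ids: Sequence, placeholder: str = "%s", batch_size: int = 500):
    """Run the IN query in chunks of batch_size so a very long id list does not
    turn into one enormous statement (the batching mentioned in the comments)."""
    found = []
    ids = list(ids)
    for start in range(0, len(ids), batch_size):
        query, params = build_in_query(ids[start:start + batch_size], placeholder)
        cur = conn.cursor()
        cur.execute(query, params)  # values are bound, never spliced into the SQL text
        found.extend(row[0] for row in cur.fetchall())
    return found


def demo():
    """Constructed sample data: binary ids like the tuple in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table2 (id BLOB, element TEXT)")
    conn.executemany(
        "INSERT INTO table2 VALUES (?, ?)",
        [(b"1234", "alpha"), (b"2345", "beta"), (b"3456", "gamma"), (b"9999", "other")],
    )
    results = (b"1234", b"2345", b"3456")  # what the first SELECT returned
    # A value containing SQL syntax is treated as plain data by the bound query,
    # so it simply matches no row instead of altering the statement.
    hostile = (b"1234') OR 1=1 --",)
    return fetch_elements(conn, results, "?", batch_size=2), fetch_elements(conn, hostile, "?")
```

With mysql.connector you would keep the default "%s" placeholder and pass the same (query, params) pair to cursor.execute().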
