0

What is a safe way to replace the number in the second-to-last line of this SQL query with a variable?

Say my variable is customer_id. Can I use {} in place of 2 and put .format(customer_id) at the end of this string? 

unlicensed_query = """
    SELECT SUM(x.quantity), SUM(x.quantity * p.list_price)
        FROM (
        SELECT cu.customer_id, cu.product_id, cu.quantity
        FROM csi_usage cu LEFT JOIN csi c
        ON cu.customer_id = c.customer_id
        AND cu.product_id = c.product_id
        WHERE c.product_id IS NULL
        AND cu.customer_id = 2) x, product p
        WHERE x.product_id = p.id;
    """
Improve this question
4
  • which database? Commented Apr 5, 2017 at 20:11
  • mysql but the query is execute with sqlalchemy like so: self.session.execute(unlicensed_query).fetchall()[0] Commented Apr 5, 2017 at 20:12
  • 3
    Look here: docs.sqlalchemy.org/en/latest/core/… Commented Apr 5, 2017 at 20:14
  • I used bound parameters using thebjorn's link and it's working well. Thanks! Commented Apr 5, 2017 at 20:47

1 Answer 1

Reset to default
2

As stated by thebjorn, the correct way to do this is to use bound parameters (http://docs.sqlalchemy.org/en/latest/core/tutorial.html#specifying-bound-parameter-behaviors). An example is here:

from sqlalchemy.sql import text
fully_utilized_query = text("""
    SELECT SUM(x.quantity)
            FROM (
            SELECT cu.customer_id, cu.product_id, cu.quantity
            FROM csi_usage cu
            JOIN csi c
            ON cu.customer_id = c.customer_id
            AND cu.product_id = c.product_id
            AND cu.quantity = c.licence_qty
            WHERE cu.customer_id = :customer_id) x;
    """)
fully_utilized = self.session.execute(fully_utilized_query, {'customer_id': current_user.customer_id}).scalar()
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.