
I have already referred to these posts 1, 2. I am not sure whether I am using the suggestions from these posts incorrectly.

Basically, I would like to use my pandas list in a postgresql query (written in Jupyter notebook)

id_list = [1,2,3,4]

I would like to use my id_list in the below query. I tried the below 2 options

option-1

df_q = pd.read_sql('select * from tablea where subject_id in {id_list}', con=conn)

option-2

cur.execute("select * from tablea where subject_id in %s", id_list)

Can experts here help me with the solution on how to use the python variables directly in the query?

2 Answers


The correct way to handle an IN clause is by building the placeholder clause separately, then using parameter substitution to bind the list elements to the query:

sql = "select * from tablea where subject_id in ({})"
# Create a string like "%s, %s, %s" with one "%s" per list element
placeholders = ', '.join(['%s'] * len(id_list))
sql = sql.format(placeholders)
# Use parameter substitution to bind values to the query
cur.execute(sql, id_list)

Using string formatting or concatenation, including f-strings, may cause errors if values are incorrectly escaped, or in the worst case expose your database to SQL injection attacks.


3 Comments

What is the result of print(cur.mogrify(sql, id_list))?
I fixed it. It was an unrelated issue. May I know what does mogrify stand for?
It prints the query that will be sent to the database psycopg.org/docs/cursor.html#cursor.mogrify (assuming that you are using psycopg2, which I should have checked :-)
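The placeholder-building technique from the accepted answer, carried through as an added example (not code from the question or either answer): it generates one marker per list element, keeps the values out of the SQL text, rejects an empty list (IN () is a syntax error) and whitelists the table and column identifiers, which cannot be bound as parameters. It is exercised against a constructed in-memory sqlite3 table so it runs without PostgreSQL; the "format" paramstyle branch produces the %s markers psycopg2 expects.

```python
import re
import sqlite3

# Placeholder marker per DB-API paramstyle: psycopg2 uses "format" (%s),
# the stdlib sqlite3 module uses "qmark" (?).
_MARKERS = {"format": "%s", "qmark": "?"}
_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_in_query(table, column, values, paramstyle="format"):
    """Return (sql, params) for 'select * from <table> where <column> in (...)'.

    One placeholder is emitted per element of `values`; the values themselves
    are never interpolated into the SQL text, they are returned separately
    for cursor.execute(sql, params) to bind.
    """
    # Identifiers cannot be bound as parameters, so they must come from code,
    # not from users; a strict whitelist keeps them from smuggling SQL.
    for name in (table, column):
        if not _IDENTIFIER.fullmatch(name):
            raise ValueError(f"not a plain identifier: {name!r}")
    # 'IN ()' is a syntax error in PostgreSQL (and sqlite), so reject it early.
    if not values:
        raise ValueError("IN clause needs at least one value")
    placeholders = ", ".join([_MARKERS[paramstyle]] * len(values))
    return f"select * from {table} where {column} in ({placeholders})", tuple(values)


def run_demo(ids):
    """Run the query against a constructed in-memory sqlite table (sample data,
    not the question's real 'tablea') and return the matched subject_ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tablea (subject_id integer, name text)")
    conn.executemany("insert into tablea values (?, ?)",
                     [(1, "a"), (2, "b"), (3, "c"), (4, "d"), (5, "e")])
    sql, params = build_in_query("tablea", "subject_id", ids, paramstyle="qmark")
    rows = conn.execute(sql, params).fetchall()
    conn.close()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    print(build_in_query("tablea", "subject_id", [1, 2, 3, 4]))
    print(run_demo([1, 2, 3, 4]))
    # A value containing quotes and parentheses is bound as a literal string,
    # so it matches nothing instead of changing the query.
    print(run_demo(["2) or (1=1"]))
```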

If you want to use a variable inside a string in Python, you just add an f at the start of the string, like this:

df_q = pd.read_sql(f'select * from tablea where subject_id in {id_list}', con=conn)

This will get translated to 'select * from tablea where subject_id in [1, 3, 4]'

2 Comments

However, PostgreSQL does not use [ to express lists. You might want to convert the list to a tuple, as it uses (. df_q = pd.read_sql(f'select * from tablea where subject_id in {tuple(id_list)}', con=conn)
Using string formatting to bind values to SQL queries is error-prone and a security risk. Please don't do it.
