简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Backend Development  >  How to Resolve Parameter Substitution Issues in SQLite When Using Sequences vs. Strings?

How to Resolve Parameter Substitution Issues in SQLite When Using Sequences vs. Strings?

DDD
DDDOriginal
2024-10-19 15:28:30460browse

How to Resolve Parameter Substitution Issues in SQLite When Using Sequences vs. Strings?

Troubleshooting Parameter Substitution Issues in SQLite

Encountering issues when utilizing parameter substitution in SQLite3 with Python? Here's an in-depth investigation and a resolution.

In an attempt to prevent SQL injections, parameter substitution using '?' is advisable. However, an error may arise when utilizing this approach. For instance, with the following code:

<code class="python">for item in self.inventory_names:
    self.cursor.execute("SELECT weight FROM Equipment WHERE name = ?", item)
    self.cursor.close()</code>

The error "sqlite3.ProgrammingError: Incorrect number of bindings supplied" occurs, indicating that the statement specifies one binding, whereas eight are provided. This issue stems from the initial creation of the database table. The module responsible for database creation contains eight bindings, which leads to the mismatch.

<code class="python">cursor.execute("""CREATE TABLE Equipment 
    (id INTEGER PRIMARY KEY, 
    name TEXT,
    price INTEGER, 
    weight REAL, 
    info TEXT, 
    ammo_cap INTEGER, 
    availability_west TEXT,
    availability_east TEXT)""")</code>

Ironically, substituting '?' with a less secure '%s' resolves the problem:

<code class="python">for item in self.inventory_names:
    self.cursor.execute("SELECT weight FROM Equipment WHERE name = '%s'" % item)
    self.cursor.close()</code>

The reason behind this paradox lies in the way Cursor.execute() accepts its second parameter. Instead of a single string, it expects a sequence, but you are passing a string of length eight.

To rectify this issue, adjust the code to the following:

<code class="python">self.cursor.execute("SELECT weight FROM Equipment WHERE name = ?", [item])</code>

This modification ensures that the parameter substitution works as intended. Always ensure that the second parameter passed to Cursor.execute() corresponds to the specified number of bindings in the SQL statement.

The above is the detailed content of How to Resolve Parameter Substitution Issues in SQLite When Using Sequences vs. Strings?. For more information, please follow other related articles on the PHP Chinese website!

Python sql less String for Error using Length number this table sqlite database issue
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Why Do I Get \"Incorrect Number of Bindings Supplied\" Error in SQLite Parameter Substitution?Next article:Why Do I Get \"Incorrect Number of Bindings Supplied\" Error in SQLite Parameter Substitution?

Related articles

See more