Python, SQLAlchemy pass parameters in connection.execute









up vote
13
down vote

favorite
5












I am using SQLAlchemy connection.execute(sql) to transform select results to array of maps. Have following code




def __sql_to_data(sql):
result =
connection = engine.connect()
try:
rows = connection.execute(sql)
for row in rows:
result_row =
for col in row.keys():
result_row[str(col)] = str(row[col])
result.append(result_row)
finally:
connection.close()
return result


and e.g.


__sql_to_data(sql_get_scan_candidate)
gives me nice data structure (Of course I am using this for small data sets).
But in order to add parameter to sql I am currently using format e.g.

return __sql_to_data(sql_get_profile.format(user_id))


Question
How to modify procedure to make possible something like



return __sql_to_data(sql_get_profile,user_id)









share|improve this question

























    up vote
    13
    down vote

    favorite
    5












    I am using SQLAlchemy connection.execute(sql) to transform select results to array of maps. Have following code




    def __sql_to_data(sql):
    result =
    connection = engine.connect()
    try:
    rows = connection.execute(sql)
    for row in rows:
    result_row =
    for col in row.keys():
    result_row[str(col)] = str(row[col])
    result.append(result_row)
    finally:
    connection.close()
    return result


    and e.g.


    __sql_to_data(sql_get_scan_candidate)
    gives me nice data structure (Of course I am using this for small data sets).
    But in order to add parameter to sql I am currently using format e.g.

    return __sql_to_data(sql_get_profile.format(user_id))


    Question
    How to modify procedure to make possible something like



    return __sql_to_data(sql_get_profile,user_id)









    share|improve this question























      up vote
      13
      down vote

      favorite
      5









      up vote
      13
      down vote

      favorite
      5






      5





      I am using SQLAlchemy connection.execute(sql) to transform select results to array of maps. Have following code




      def __sql_to_data(sql):
      result =
      connection = engine.connect()
      try:
      rows = connection.execute(sql)
      for row in rows:
      result_row =
      for col in row.keys():
      result_row[str(col)] = str(row[col])
      result.append(result_row)
      finally:
      connection.close()
      return result


      and e.g.


      __sql_to_data(sql_get_scan_candidate)
      gives me nice data structure (Of course I am using this for small data sets).
      But in order to add parameter to sql I am currently using format e.g.

      return __sql_to_data(sql_get_profile.format(user_id))


      Question
      How to modify procedure to make possible something like



      return __sql_to_data(sql_get_profile,user_id)









      share|improve this question













      I am using SQLAlchemy connection.execute(sql) to transform select results to array of maps. Have following code




      def __sql_to_data(sql):
      result =
      connection = engine.connect()
      try:
      rows = connection.execute(sql)
      for row in rows:
      result_row =
      for col in row.keys():
      result_row[str(col)] = str(row[col])
      result.append(result_row)
      finally:
      connection.close()
      return result


      and e.g.


      __sql_to_data(sql_get_scan_candidate)
      gives me nice data structure (Of course I am using this for small data sets).
      But in order to add parameter to sql I am currently using format e.g.

      return __sql_to_data(sql_get_profile.format(user_id))


      Question
      How to modify procedure to make possible something like



      return __sql_to_data(sql_get_profile,user_id)






      python sql sqlalchemy parameter-passing






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Oct 11 '13 at 9:08









      Denis

      3062312




      3062312






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          31
          down vote



          accepted










          The tutorial gives a pretty good example for this:



          >>> from sqlalchemy.sql import text
          >>> s = text(
          ... "SELECT users.fullname || ', ' || addresses.email_address AS title "
          ... "FROM users, addresses "
          ... "WHERE users.id = addresses.user_id "
          ... "AND users.name BETWEEN :x AND :y "
          ... "AND (addresses.email_address LIKE :e1 "
          ... "OR addresses.email_address LIKE :e2)")
          SQL>>> conn.execute(s, x='m', y='z', e1='%@aol.com', e2='%@msn.com').fetchall()
          [(u'Wendy Williams, wendy@aol.com',)]


          First, take your SQL string and pass it to sqalchemy.sql.text(). This isn't necessary, but probably a good idea...




          The advantages text() provides over a plain string are backend-neutral
          support for bind parameters, per-statement execution options, as well
          as bind parameter and result-column typing behavior, allowing
          SQLAlchemy type constructs to play a role when executing a statement
          that is specified literally.




          Note that even if you didn't use text(), you should NEVER just use sql.format(...). This leads to greater risk of SQL injection attacks.



          Next, you can specify the actual arguments using keyword parameters to the execute() function you've already been using.



          Now, in your example, you have a function that wraps the execute functionality. So, if you want to use this for multiple queries, you'll need to make the parameters able to receive your arguments. You could do this pretty simple as a dictionary:



          def _sql_to_data(sql, values):
          ...
          conn.execute(sql, values)


          values would be a dictionary.You could then use your function like this...



          sql = 'SELECT ...'
          data = 'user_id' : 3
          results = _sql_to_data(sql, data)


          Using keywords as your parameters is just one way of specifying the arguments to the execute() function. You can read the documentation for that function for a few different ways.






          share|improve this answer


















          • 3




            Thank you, my bad, by some reason I was not able to find this in doc. My only one excuse SQLAlchemy doc is somewhat fragmented with emphasis on ORM.
            – Denis
            Oct 12 '13 at 10:11










          • One more question - how fetchAll() and then itterating in results data structure relates to for row in rows in terms of memory consumption?
            – Denis
            Oct 12 '13 at 10:36










          • @Denis: I'm not sure exactly what you mean. Perhaps you should create another StackOverflow question, and try to be more specific about what you are asking.
            – Mark Hildreth
            Oct 12 '13 at 19:45










          • text does not let you create a list of values which is a tremendous downside and often makes it unusable in many of my cases making format the only real way.
            – Steven Wade
            Jul 12 at 16:49










          • @stevenwade Format is never the real way, unleas you mean formatting the required placeholders for the list values, and SQLAlchemy even does it for you using bindparam(..., expanding=True). On the other hand some DB-API drivers adapt arrays out of the box to suitable SQL.
            – Ilja Everilä
            Nov 10 at 12:51










          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f19314342%2fpython-sqlalchemy-pass-parameters-in-connection-execute%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          31
          down vote



          accepted










          The tutorial gives a pretty good example for this:



          >>> from sqlalchemy.sql import text
          >>> s = text(
          ... "SELECT users.fullname || ', ' || addresses.email_address AS title "
          ... "FROM users, addresses "
          ... "WHERE users.id = addresses.user_id "
          ... "AND users.name BETWEEN :x AND :y "
          ... "AND (addresses.email_address LIKE :e1 "
          ... "OR addresses.email_address LIKE :e2)")
          SQL>>> conn.execute(s, x='m', y='z', e1='%@aol.com', e2='%@msn.com').fetchall()
          [(u'Wendy Williams, wendy@aol.com',)]


          First, take your SQL string and pass it to sqalchemy.sql.text(). This isn't necessary, but probably a good idea...




          The advantages text() provides over a plain string are backend-neutral
          support for bind parameters, per-statement execution options, as well
          as bind parameter and result-column typing behavior, allowing
          SQLAlchemy type constructs to play a role when executing a statement
          that is specified literally.




          Note that even if you didn't use text(), you should NEVER just use sql.format(...). This leads to greater risk of SQL injection attacks.



          Next, you can specify the actual arguments using keyword parameters to the execute() function you've already been using.



          Now, in your example, you have a function that wraps the execute functionality. So, if you want to use this for multiple queries, you'll need to make the parameters able to receive your arguments. You could do this pretty simple as a dictionary:



          def _sql_to_data(sql, values):
          ...
          conn.execute(sql, values)


          values would be a dictionary.You could then use your function like this...



          sql = 'SELECT ...'
          data = 'user_id' : 3
          results = _sql_to_data(sql, data)


          Using keywords as your parameters is just one way of specifying the arguments to the execute() function. You can read the documentation for that function for a few different ways.






          share|improve this answer


















          • 3




            Thank you, my bad, by some reason I was not able to find this in doc. My only one excuse SQLAlchemy doc is somewhat fragmented with emphasis on ORM.
            – Denis
            Oct 12 '13 at 10:11










          • One more question - how fetchAll() and then itterating in results data structure relates to for row in rows in terms of memory consumption?
            – Denis
            Oct 12 '13 at 10:36










          • @Denis: I'm not sure exactly what you mean. Perhaps you should create another StackOverflow question, and try to be more specific about what you are asking.
            – Mark Hildreth
            Oct 12 '13 at 19:45










          • text does not let you create a list of values which is a tremendous downside and often makes it unusable in many of my cases making format the only real way.
            – Steven Wade
            Jul 12 at 16:49










          • @stevenwade Format is never the real way, unleas you mean formatting the required placeholders for the list values, and SQLAlchemy even does it for you using bindparam(..., expanding=True). On the other hand some DB-API drivers adapt arrays out of the box to suitable SQL.
            – Ilja Everilä
            Nov 10 at 12:51














          up vote
          31
          down vote



          accepted










          The tutorial gives a pretty good example for this:



          >>> from sqlalchemy.sql import text
          >>> s = text(
          ... "SELECT users.fullname || ', ' || addresses.email_address AS title "
          ... "FROM users, addresses "
          ... "WHERE users.id = addresses.user_id "
          ... "AND users.name BETWEEN :x AND :y "
          ... "AND (addresses.email_address LIKE :e1 "
          ... "OR addresses.email_address LIKE :e2)")
          SQL>>> conn.execute(s, x='m', y='z', e1='%@aol.com', e2='%@msn.com').fetchall()
          [(u'Wendy Williams, wendy@aol.com',)]


          First, take your SQL string and pass it to sqalchemy.sql.text(). This isn't necessary, but probably a good idea...




          The advantages text() provides over a plain string are backend-neutral
          support for bind parameters, per-statement execution options, as well
          as bind parameter and result-column typing behavior, allowing
          SQLAlchemy type constructs to play a role when executing a statement
          that is specified literally.




          Note that even if you didn't use text(), you should NEVER just use sql.format(...). This leads to greater risk of SQL injection attacks.



          Next, you can specify the actual arguments using keyword parameters to the execute() function you've already been using.



          Now, in your example, you have a function that wraps the execute functionality. So, if you want to use this for multiple queries, you'll need to make the parameters able to receive your arguments. You could do this pretty simple as a dictionary:



          def _sql_to_data(sql, values):
          ...
          conn.execute(sql, values)


          values would be a dictionary.You could then use your function like this...



          sql = 'SELECT ...'
          data = 'user_id' : 3
          results = _sql_to_data(sql, data)


          Using keywords as your parameters is just one way of specifying the arguments to the execute() function. You can read the documentation for that function for a few different ways.






          share|improve this answer


















          • 3




            Thank you, my bad, by some reason I was not able to find this in doc. My only one excuse SQLAlchemy doc is somewhat fragmented with emphasis on ORM.
            – Denis
            Oct 12 '13 at 10:11










          • One more question - how fetchAll() and then itterating in results data structure relates to for row in rows in terms of memory consumption?
            – Denis
            Oct 12 '13 at 10:36










          • @Denis: I'm not sure exactly what you mean. Perhaps you should create another StackOverflow question, and try to be more specific about what you are asking.
            – Mark Hildreth
            Oct 12 '13 at 19:45










          • text does not let you create a list of values which is a tremendous downside and often makes it unusable in many of my cases making format the only real way.
            – Steven Wade
            Jul 12 at 16:49










          • @stevenwade Format is never the real way, unleas you mean formatting the required placeholders for the list values, and SQLAlchemy even does it for you using bindparam(..., expanding=True). On the other hand some DB-API drivers adapt arrays out of the box to suitable SQL.
            – Ilja Everilä
            Nov 10 at 12:51












          up vote
          31
          down vote



          accepted







          up vote
          31
          down vote



          accepted






          The tutorial gives a pretty good example for this:



          >>> from sqlalchemy.sql import text
          >>> s = text(
          ... "SELECT users.fullname || ', ' || addresses.email_address AS title "
          ... "FROM users, addresses "
          ... "WHERE users.id = addresses.user_id "
          ... "AND users.name BETWEEN :x AND :y "
          ... "AND (addresses.email_address LIKE :e1 "
          ... "OR addresses.email_address LIKE :e2)")
          SQL>>> conn.execute(s, x='m', y='z', e1='%@aol.com', e2='%@msn.com').fetchall()
          [(u'Wendy Williams, wendy@aol.com',)]


          First, take your SQL string and pass it to sqalchemy.sql.text(). This isn't necessary, but probably a good idea...




          The advantages text() provides over a plain string are backend-neutral
          support for bind parameters, per-statement execution options, as well
          as bind parameter and result-column typing behavior, allowing
          SQLAlchemy type constructs to play a role when executing a statement
          that is specified literally.




          Note that even if you didn't use text(), you should NEVER just use sql.format(...). This leads to greater risk of SQL injection attacks.



          Next, you can specify the actual arguments using keyword parameters to the execute() function you've already been using.



          Now, in your example, you have a function that wraps the execute functionality. So, if you want to use this for multiple queries, you'll need to make the parameters able to receive your arguments. You could do this pretty simple as a dictionary:



          def _sql_to_data(sql, values):
          ...
          conn.execute(sql, values)


          values would be a dictionary.You could then use your function like this...



          sql = 'SELECT ...'
          data = 'user_id' : 3
          results = _sql_to_data(sql, data)


          Using keywords as your parameters is just one way of specifying the arguments to the execute() function. You can read the documentation for that function for a few different ways.






          share|improve this answer














          The tutorial gives a pretty good example for this:



          >>> from sqlalchemy.sql import text
          >>> s = text(
          ... "SELECT users.fullname || ', ' || addresses.email_address AS title "
          ... "FROM users, addresses "
          ... "WHERE users.id = addresses.user_id "
          ... "AND users.name BETWEEN :x AND :y "
          ... "AND (addresses.email_address LIKE :e1 "
          ... "OR addresses.email_address LIKE :e2)")
          SQL>>> conn.execute(s, x='m', y='z', e1='%@aol.com', e2='%@msn.com').fetchall()
          [(u'Wendy Williams, wendy@aol.com',)]


          First, take your SQL string and pass it to sqalchemy.sql.text(). This isn't necessary, but probably a good idea...




          The advantages text() provides over a plain string are backend-neutral
          support for bind parameters, per-statement execution options, as well
          as bind parameter and result-column typing behavior, allowing
          SQLAlchemy type constructs to play a role when executing a statement
          that is specified literally.




          Note that even if you didn't use text(), you should NEVER just use sql.format(...). This leads to greater risk of SQL injection attacks.



          Next, you can specify the actual arguments using keyword parameters to the execute() function you've already been using.



          Now, in your example, you have a function that wraps the execute functionality. So, if you want to use this for multiple queries, you'll need to make the parameters able to receive your arguments. You could do this pretty simple as a dictionary:



          def _sql_to_data(sql, values):
          ...
          conn.execute(sql, values)


          values would be a dictionary.You could then use your function like this...



          sql = 'SELECT ...'
          data = 'user_id' : 3
          results = _sql_to_data(sql, data)


          Using keywords as your parameters is just one way of specifying the arguments to the execute() function. You can read the documentation for that function for a few different ways.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jun 2 '17 at 23:28









          robert_x44

          7,99312235




          7,99312235










          answered Oct 11 '13 at 17:53









          Mark Hildreth

          27.1k89097




          27.1k89097







          • 3




            Thank you, my bad, by some reason I was not able to find this in doc. My only one excuse SQLAlchemy doc is somewhat fragmented with emphasis on ORM.
            – Denis
            Oct 12 '13 at 10:11










          • One more question - how fetchAll() and then itterating in results data structure relates to for row in rows in terms of memory consumption?
            – Denis
            Oct 12 '13 at 10:36










          • @Denis: I'm not sure exactly what you mean. Perhaps you should create another StackOverflow question, and try to be more specific about what you are asking.
            – Mark Hildreth
            Oct 12 '13 at 19:45










          • text does not let you create a list of values which is a tremendous downside and often makes it unusable in many of my cases making format the only real way.
            – Steven Wade
            Jul 12 at 16:49










          • @stevenwade Format is never the real way, unleas you mean formatting the required placeholders for the list values, and SQLAlchemy even does it for you using bindparam(..., expanding=True). On the other hand some DB-API drivers adapt arrays out of the box to suitable SQL.
            – Ilja Everilä
            Nov 10 at 12:51












          • 3




            Thank you, my bad, by some reason I was not able to find this in doc. My only one excuse SQLAlchemy doc is somewhat fragmented with emphasis on ORM.
            – Denis
            Oct 12 '13 at 10:11










          • One more question - how fetchAll() and then itterating in results data structure relates to for row in rows in terms of memory consumption?
            – Denis
            Oct 12 '13 at 10:36










          • @Denis: I'm not sure exactly what you mean. Perhaps you should create another StackOverflow question, and try to be more specific about what you are asking.
            – Mark Hildreth
            Oct 12 '13 at 19:45










          • text does not let you create a list of values which is a tremendous downside and often makes it unusable in many of my cases making format the only real way.
            – Steven Wade
            Jul 12 at 16:49










          • @stevenwade Format is never the real way, unleas you mean formatting the required placeholders for the list values, and SQLAlchemy even does it for you using bindparam(..., expanding=True). On the other hand some DB-API drivers adapt arrays out of the box to suitable SQL.
            – Ilja Everilä
            Nov 10 at 12:51







          3




          3




          Thank you, my bad, by some reason I was not able to find this in doc. My only one excuse SQLAlchemy doc is somewhat fragmented with emphasis on ORM.
          – Denis
          Oct 12 '13 at 10:11




          Thank you, my bad, by some reason I was not able to find this in doc. My only one excuse SQLAlchemy doc is somewhat fragmented with emphasis on ORM.
          – Denis
          Oct 12 '13 at 10:11












          One more question - how fetchAll() and then itterating in results data structure relates to for row in rows in terms of memory consumption?
          – Denis
          Oct 12 '13 at 10:36




          One more question - how fetchAll() and then itterating in results data structure relates to for row in rows in terms of memory consumption?
          – Denis
          Oct 12 '13 at 10:36












          @Denis: I'm not sure exactly what you mean. Perhaps you should create another StackOverflow question, and try to be more specific about what you are asking.
          – Mark Hildreth
          Oct 12 '13 at 19:45




          @Denis: I'm not sure exactly what you mean. Perhaps you should create another StackOverflow question, and try to be more specific about what you are asking.
          – Mark Hildreth
          Oct 12 '13 at 19:45












          text does not let you create a list of values which is a tremendous downside and often makes it unusable in many of my cases making format the only real way.
          – Steven Wade
          Jul 12 at 16:49




          text does not let you create a list of values which is a tremendous downside and often makes it unusable in many of my cases making format the only real way.
          – Steven Wade
          Jul 12 at 16:49












          @stevenwade Format is never the real way, unleas you mean formatting the required placeholders for the list values, and SQLAlchemy even does it for you using bindparam(..., expanding=True). On the other hand some DB-API drivers adapt arrays out of the box to suitable SQL.
          – Ilja Everilä
          Nov 10 at 12:51




          @stevenwade Format is never the real way, unleas you mean formatting the required placeholders for the list values, and SQLAlchemy even does it for you using bindparam(..., expanding=True). On the other hand some DB-API drivers adapt arrays out of the box to suitable SQL.
          – Ilja Everilä
          Nov 10 at 12:51

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f19314342%2fpython-sqlalchemy-pass-parameters-in-connection-execute%23new-answer', 'question_page');

          );

          Post as a guest














































































          這個網誌中的熱門文章

          How to read a connectionString WITH PROVIDER in .NET Core?

          Node.js Script on GitHub Pages or Amazon S3

          Museum of Modern and Contemporary Art of Trento and Rovereto