sqlparams is a utility package for converting between various SQL
parameter styles. This can simplify the use of SQL parameters in queries by
allowing the use of named parameters where only ordinal are supported. Some
Python DB API 2.0_ compliant modules only support the ordinal qmark or
format style parameters (e.g., pyodbc_ only supports qmark). This
package provides a helper class, SQLParams_, that is used to convert
from any parameter style (qmark, numeric, named, format, pyformat;
and the non-standard numeric_dollar and named_dollar), and have them
safely converted to the desired parameter style.
.. _Python DB API 2.0: http://www.python.org/dev/peps/pep-0249/
.. _pyodbc: https://github.com/mkleehammer/pyodbc
You first create an SQLParams_ instance specifying the named
parameter style you're converting from, and what ordinal style you're
converting to. Let's convert from named to qmark style::
import sqlparams query = sqlparams.SQLParams('named', 'qmark')
Now, lets to convert a simple SQL SELECT query using the SQLParams.format_
method which accepts an SQL query, and a dict of parameters::
sql, params = query.format('SELECT * FROM users WHERE name = :name;', {'name': "Thorin"})
This returns the new SQL query using ordinal qmark parameters with the
corresponding list of ordinal parameters, which can be passed to the
.execute()_ method on a database cursor::
print sql SELECT * FROM users WHERE name = ?; print params ['Thorin']
.. _.execute(): http://www.python.org/dev/peps/pep-0249/#id15
tuple\ s are also supported which allows for safe use of the SQL IN operator::
sql, params = query.format("SELECT * FROM users WHERE name IN :names;", {'names': ("Dori", "Nori", "Ori")}) print sql SELECT * FROM users WHERE name in (?,?,?); print params ['Dori', 'Nori', 'Ori']
You can also format multiple parameters for a single, shared query useful with
the .executemany()_ method of a database cursor::
sql, manyparams = query.formatmany("UPDATE users SET age = :age WHERE name = :name;", [{'name': "Dwalin", 'age': 169}, {'name': "Balin", 'age': 178}]) print sql UPDATE users SET age = ? WHERE name = ?; print manyparams [[169, 'Dwalin'], [178, 'Balin']]
.. _.executemany(): http://www.python.org/dev/peps/pep-0249/#executemany
Please note that if an expanded tuple is used in SQLParams.formatmany,
the tuple must be the same size in each of the parameter lists. Otherwise, you
might well use SQLParams.format in a for-loop.
The source code for sqlparams is available from the GitHub repo
cpburnz/python-sql-parameters_.
.. _cpburnz/python-sql-parameters: https://github.com/cpburnz/python-sql-parameters.git
sqlparams can be installed from source with::
python setup.py install
sqlparams is also available for install through PyPI_::
pip install sqlparams
.. _PyPI: http://pypi.python.org/pypi/sqlparams
Documentation for sqlparams is available on Read the Docs_.
.. _Read the Docs: https://python-sql-parameters.readthedocs.org
.. _SQLParams: https://python-sql-parameters.readthedocs.io/en/latest/sqlparams.html#sqlparams.SQLParams
.. _SQLParams.format: https://python-sql-parameters.readthedocs.io/en/latest/sqlparams.html#sqlparams.SQLParams.format
.. _SQLParams.formatmany: https://python-sql-parameters.readthedocs.io/en/latest/sqlparams.html#sqlparams.SQLParams.formatmany
New features:
Issue #11/Pull #12: Support Oracle named parameters enclosed in double quotes (style named_oracle).Improvements:
.. _Issue #11: https://github.com/cpburnz/python-sqlparams/issues/11
.. _Pull #12: https://github.com/cpburnz/python-sqlparams/pull/12
Improvements:
LiteralString_... _LiteralString: https://docs.python.org/3/library/typing.html#typing.LiteralString
pyproject.toml_ and build backend to setuptools.build_meta_ which may have unforeseen consequences.Issue #8_.Issue #9_.python-sql-parameters_ to python-sqlparams_... _pyproject.toml: https://pip.pypa.io/en/stable/reference/build-system/pyproject-toml/
.. _setuptools.build_meta: https://setuptools.pypa.io/en/latest/build_meta.html
.. _Issue #8: https://github.com/cpburnz/python-sqlparams/issues/8
.. _Issue #9: https://github.com/cpburnz/python-sqlparams/issues/9
.. _python-sql-parameters: https://github.com/cpburnz/python-sql-parameters
.. _python-sqlparams: https://github.com/cpburnz/python-sqlparams
Issue #10_: When converting to 'format'/'pyformat' types, escape existing '%' characters.escape_char=True to unescape double '%' characters... _Issue #10: https://github.com/cpburnz/python-sqlparams/issues/10
named to in_style on sqlparams.SQLParams.ordinal to out_style on sqlparams.SQLParams.match and replace from sqlparams.SQLParams which
should have been private.Issue #4_.Issue #7_: Support dollar sign style for numeric and named parameters... _Issue #4: https://github.com/cpburnz/python-sqlparams/issues/4
.. _Issue #7: https://github.com/cpburnz/python-sqlparams/issues/7
issue 1_... _issue 1: https://github.com/cpburnz/python-sqlparams/issues/1
FAQs
Convert between various DB API 2.0 parameter styles.
We found that sqlparams demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.
Security News
Research
Socket researchers found a malicious Maven package impersonating the legitimate ‘XZ for Java’ library, introducing a backdoor for remote code execution.