I'm trying to form a sanitised query string in Python to use in SQLite3. It needs to take the ultimate form:
SELECT * FROM Players WHERE PlayerName LIKE '%bob%'
…so I can run a pattern search.
Ideally I want to have a ? in the query so I can then insert the search string when running the query and prevent Bobby Tables type events from occurring (not that I’ll have to worry about that tbh):
search_string = "bob"
query = "SELECT * FROM Players WHERE PlayerName LIKE '%?%'"
cur.execute(query, (search_string))
Running this gives me:
sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 0, and there are 3 supplied.
So I'm pretty sure the issue is with both the use of the single quotes, percents and question marks, but I'm fairly stuck – I can't form the query so that Python sees it needs a binding.
What is the best way round this or is there better practice for forming sanitised queries for pattern search in SQL?
UPDATE: final line was:
cur.execute(query, [('%' + search_string + '%')])
Use the lone placeholder ? after LIKE and wrap search_string with % during parameter assignment:
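The answer's code listing did not survive on this page, so the following is an added example rather than the answerer's own code. It uses a constructed in-memory Players table (the names are made up for the demonstration) and shows the two separate causes of the asker's error: '%?%' inside single quotes is a string literal, so the statement has 0 placeholders, and (search_string) is a plain str, not a tuple, so sqlite3 iterates its 3 characters as 3 parameters. It also goes one step beyond the answer: because % and _ are LIKE wildcards, a user-supplied search term should have them escaped with an ESCAPE clause, otherwise a search for "%" matches every row. The escape_like, search_players and reproduce_original_error helper names are this example's own, not anything from the post or from sqlite3.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
PLAYERS = ["bob", "Bobby Tables", "alice", "rob_b", "100%bob"]


def make_db():
    """Build an in-memory Players table matching the shape used in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Players (PlayerName TEXT)")
    conn.executemany("INSERT INTO Players VALUES (?)", [(p,) for p in PLAYERS])
    return conn


def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters (% and _) plus the escape char itself,
    so the user's input is matched literally inside the wildcard pattern."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_players(conn, search_string):
    """Parameterised substring search: the placeholder stands alone after LIKE,
    and the surrounding % wildcards are added to the bound value, never to the
    SQL text. SQLite's LIKE is case-insensitive for ASCII by default."""
    query = ("SELECT PlayerName FROM Players "
             "WHERE PlayerName LIKE ? ESCAPE '\\' ORDER BY rowid")
    pattern = "%" + escape_like(search_string) + "%"
    return [row[0] for row in conn.execute(query, (pattern,))]


def reproduce_original_error(conn, search_string="bob"):
    """Reproduce the asker's failure and return the error message.
    '%?%' in quotes is a literal (0 placeholders) and (search_string)
    is just a str, which sqlite3 iterates as 3 one-character parameters."""
    query = "SELECT * FROM Players WHERE PlayerName LIKE '%?%'"
    try:
        conn.execute(query, (search_string))
    except sqlite3.ProgrammingError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = make_db()
    print(search_players(db, "bob"))          # substring match
    print(search_players(db, "%"))            # literal percent, not a wildcard
    print(search_players(db, "' OR '1'='1"))  # injection attempt is just text
    print(reproduce_original_error(db))
```

Note the trailing comma in (pattern,): a one-element tuple is what makes sqlite3 see a single parameter; the asker's update, [('%' + search_string + '%')], works for the same reason, since a one-element list is also a sequence of length 1.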