Possible Duplicate: Passing SQLite variables in Python I have a function in my script

Question

0

Asked: June 16, 20262026-06-16T01:34:51+00:00 2026-06-16T01:34:51+00:00

Possible Duplicate: Passing SQLite variables in Python I have a function in my script

0

Possible Duplicate:
Passing SQLite variables in Python

I have a function in my script that passes values to a class method, whose job it is to populate its assigned database with the variables it receives. Thing is, I’m not sure on the correct syntax since I’m not working with normal strings. Here’s the method.

def new_response(self, link_pattern, link, response, ref_id=""):
    self.db_cursor.execute('''INSERT INTO tb_memory VALUES 
    (%s, %s, %s, %s)''' % (ref_id, link_pattern, link, response))

What is the most appropriate syntactical approach?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-16T01:34:52+00:00

Editorial Team

2026-06-16T01:34:52+00:00Added an answer on June 16, 2026 at 1:34 am

Never ever use string formatting to create SQL statements! If you use string formating your program will be affected by possible SQL-injection attacks.
Use the '?' placeholder:

def new_response(self, link_pattern, link, response, ref_id=""):
    self.db_cursor.execute('''INSERT INTO tb_memory VALUES 
    (?, ?, ?, ?)''', (ref_id, link_pattern, link, response))

See the documentation for execute.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Possible Duplicate: Passing SQLite variables in Python I have a function in my script

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply