What is a safe way to replace the number in the second-to-last line of an SQL query variable?
Say the variable is customer_id. Can I use {} in place of the 2 and put .format(customer_id) at the end of the string?
    unlicensed_query = """
    select sum(x.quantity), sum(x.quantity * p.list_price)
    from (
        select cu.customer_id, cu.product_id, cu.quantity
        from csi_usage cu
        left join csi c
          on cu.customer_id = c.customer_id
         and cu.product_id = c.product_id
        where c.product_id is null
          and cu.customer_id = 2) x,
        product p
    where x.product_id = p.id;
    """
As stated by thebjorn, the correct way is to use bound parameters (http://docs.sqlalchemy.org/en/latest/core/tutorial.html#specifying-bound-parameter-behaviors). Example here:
    from sqlalchemy.sql import text

    fully_utilized_query = text("""
    select sum(x.quantity)
    from (
        select cu.customer_id, cu.product_id, cu.quantity
        from csi_usage cu
        join csi c
          on cu.customer_id = c.customer_id
         and cu.product_id = c.product_id
         and cu.quantity = c.licence_qty
        where cu.customer_id = :customer_id) x;
    """)

    # The driver sends customer_id as a separate bound value; it is never
    # spliced into the SQL text.
    fully_utilized = self.session.execute(
        fully_utilized_query,
        {'customer_id': current_user.customer_id},
    ).scalar()
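To make the difference between the two approaches concrete, here is an added, runnable example (not code from the question or the answer above). It uses the standard-library sqlite3 module instead of a SQLAlchemy session, since sqlite3 accepts the same :customer_id named-parameter style, and builds a constructed two-table schema (csi and csi_usage with the columns the answer's query references) in memory. It runs the answer's query once with a bound parameter and once with the str.format() splicing the question asks about, so the consequence of splicing a non-integer value into the statement can be observed directly.

```python
import sqlite3

# Constructed sample rows (not from the original post).
# csi: customer_id, product_id, licence_qty   (licensed seats)
# csi_usage: customer_id, product_id, quantity (observed usage)
SAMPLE_ROWS_CSI = [(1, 10, 5), (2, 10, 3), (2, 20, 1)]
SAMPLE_ROWS_USAGE = [(1, 10, 5), (2, 10, 3), (2, 20, 1), (3, 30, 7)]

# Same query as the answer above; :customer_id is a named placeholder that
# sqlite3 resolves from a dict, as SQLAlchemy's text() does.
FULLY_UTILIZED_SQL = """
select sum(x.quantity)
from (
    select cu.customer_id, cu.product_id, cu.quantity
    from csi_usage cu
    join csi c
      on cu.customer_id = c.customer_id
     and cu.product_id = c.product_id
     and cu.quantity = c.licence_qty
    where cu.customer_id = :customer_id) x;
"""


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table csi (customer_id integer, product_id integer, licence_qty integer)"
    )
    conn.execute(
        "create table csi_usage (customer_id integer, product_id integer, quantity integer)"
    )
    conn.executemany("insert into csi values (?, ?, ?)", SAMPLE_ROWS_CSI)
    conn.executemany("insert into csi_usage values (?, ?, ?)", SAMPLE_ROWS_USAGE)
    return conn


def fully_utilized_bound(conn, customer_id):
    """Safe form: customer_id travels to the engine as a bound value.

    The statement text is fixed; whatever customer_id contains is compared
    as data against cu.customer_id and can never alter the query structure.
    Returns None when no rows match (sum over an empty set is NULL).
    """
    return conn.execute(FULLY_UTILIZED_SQL, {"customer_id": customer_id}).fetchone()[0]


def fully_utilized_formatted(conn, customer_id):
    """Unsafe form: the pattern the question asks about.

    str.format() splices the value into the statement before the engine
    sees it, so any value that is not a plain integer becomes part of the
    SQL itself. Kept here only to show why the bound form is preferred.
    """
    sql = FULLY_UTILIZED_SQL.replace(":customer_id", "{}").format(customer_id)
    return conn.execute(sql).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    # A well-formed integer behaves the same either way.
    print("bound, customer 2:", fully_utilized_bound(db, 2))          # 4
    print("formatted, customer 2:", fully_utilized_formatted(db, 2))  # 4
    # A constructed malformed input: with binding it is just a string that
    # matches no customer; with format() it rewrites the WHERE clause and
    # the query returns totals for every customer.
    bad = "2 or 1=1"
    print("bound, malformed:", fully_utilized_bound(db, bad))          # None
    print("formatted, malformed:", fully_utilized_formatted(db, bad))  # 9
```

The bound form is the one to keep; the parameter value is handed to the driver separately from the statement, so there is no quoting or escaping step for the application to get wrong. Validating customer_id as an integer before it reaches the query is a sensible additional check, but it is a complement to binding, not a substitute for it.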