2

Here I see the suggested way of building queries with Python and sqlite3:

t = ('RHAT',)
c.execute('SELECT * FROM stocks WHERE symbol=?', t)
print(c.fetchone())

How do I print the query instead of the result? I know it's not a string, and so a "print sql" statement wouldn't work. In my case, I am running flask and I want to have this code responding to an API invocation:

...
cur = conn.cursor()
arguments = (username, password, )
query = 'SELECT * FROM logins where ((username = ?) AND (password = ?));', arguments
return(query)
...

I would expect to see this query, not to execute it. However, I receive this output:

ValueError: too many values to unpack (expected 2)

Furthermore, I didn't see any method that exports the last query issued in SQLite.

1
  • FWIW, if this was postgres, which I am well aware it isn't, then the mogrify function supports showing the full query string after substitutions. Commented Dec 29, 2020 at 7:26

1 Answer

0

This might not be the answer you're looking for, but you can format the query as a string using Python string formatting and print it, before formatting again using DB-API within the c.execute() statement. As long as you only format the executed query with DB-API, you're not at risk from SQL injection.


1 Comment

This won't work unless the OP manually quotes the values in the query, which rather defeats the object.
