Assembling a long string with parameters in python

Question:

Trying to assemble a longer SQL string across multiple lines in python 2.7 with parameters, similar to:

duration_sql = "select MessageTime, " + \
"Value from [%s] " + \
"where Subsystem=%s and " + \
"Field=%s " + \
"and MessageTime > %s and " + \
"MessageTime < %s" % (i, j, k, l, m)

but I get a run-time error:

TypeError: not all arguments converted during string formatting

If I allow it to be one long string without line breaks it works fine. Any way I can break a long string across lines with parameters? Can’t figure out the secret sauce…

Asked By: Omortis


Answers:

That’s because % only applies to the last string:

"MessageTime < %s" % (i, j, k, l, m)

Parenthesize your strings and you’ll be fine:

duration_sql = ("select MessageTime, " + 
"Value from [%s] " + 
"where Subsystem=%s and " + 
"Field=%s " + 
"and MessageTime > %s and " + 
"MessageTime < %s") % (i, j, k, l, m)

Also, Python 2.7 allows you to use format, which is far better (and I’m not even talking about positional/named references that str.format offers, see https://pyformat.info/):

duration_sql = ("select MessageTime, " +
"Value from [{}] " +
"where Subsystem={} and " +
"Field={} " +
"and MessageTime > {} and " +
"MessageTime < {}").format(i, j, k, l, m)

Try this instead:

duration_sql = ("select MessageTime, "
    "Value from [%s] "
    "where Subsystem=%s and "
    "Field=%s "
    "and MessageTime > %s and "
    "MessageTime < %s") % (i, j, k, l, m)

With parentheses around them, you don’t need the + and the \ to combine strings: all the adjacent string literals get combined into one string literal.

(Also, see Kevin’s comment about not using string formatting to insert variables into database queries.)

Answered By: khelwood

The easiest way might be to change the " to """

duration_sql = """select MessageTime,
Value from [%s]
where Subsystem=%s and
Field=%s
and MessageTime > %s and
MessageTime < %s""" % (i, j, k, l, m)

And as other answers have said, you might want to avoid string formatting for SQL queries; it can expose you to SQL injection.

Answered By: qichao_he
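
The SQL injection point raised in the answers above, shown as an added example that is not part of any answer: the same multi-line query with the four values bound as parameters and the table name checked against an allow-list. It assumes the standard-library sqlite3 module as a stand-in driver; the table names, sample rows and function names are constructed for illustration.

```python
import sqlite3

# Assumption: the set of tables a caller may query is known in advance.
ALLOWED_TABLES = {"Telemetry", "Events"}

def build_duration_sql(table):
    """Return the page's query with bound-parameter markers for every value."""
    # Identifiers cannot be bound as parameters, so the table name is
    # checked against an allow-list before it is placed in the SQL text.
    if table not in ALLOWED_TABLES:
        raise ValueError("unexpected table name: %r" % (table,))
    return ("select MessageTime, "
            "Value from [%s] "
            "where Subsystem=? and "
            "Field=? "
            "and MessageTime > ? and "
            "MessageTime < ?") % (table,)

def fetch_durations(conn, table, subsystem, field, start, end):
    # Values are passed separately from the SQL text and are never parsed as SQL.
    cur = conn.execute(build_duration_sql(table), (subsystem, field, start, end))
    return cur.fetchall()

def make_sample_db():
    """Constructed sample data, in memory, so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table Telemetry "
                 "(MessageTime integer, Subsystem text, Field text, Value real)")
    conn.executemany("insert into Telemetry values (?, ?, ?, ?)", [
        (10, "pump", "rpm", 1200.0),
        (20, "pump", "rpm", 1250.0),
        (30, "valve", "pos", 0.5),
    ])
    return conn

if __name__ == "__main__":
    conn = make_sample_db()
    print(fetch_durations(conn, "Telemetry", "pump", "rpm", 0, 100))
    # A constructed hostile value is compared as a plain string: no rows match.
    print(fetch_durations(conn, "Telemetry", "pump' or '1'='1", "rpm", 0, 100))
```

The ? marker is sqlite3's parameter style; other DB-API drivers use a different marker, given by the module's paramstyle attribute.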