ColossalBoar
Reputation: 101
Error Passing Variable to SQL Query Python
Error message 'Execution failed on sql ... expecting string, unicode or buffer object' is returned when trying to pass a Python string variable to a SQL query using cx_Oracle. Any help on this issue is greatly appreciated, thanks!
import pandas as pd
import cx_Oracle as ora
var = 'string'
conn = ora.connect('connection_string')
df = pd.read_sql(("SELECT * FROM table WHERE field LIKE '%s'", (var)), conn)
df.head()
Upvotes: 1
Views: 1105
Answers (2)
mechanical_meat
Reputation: 169524
To avoid the chance of SQL-injection attack you should pass the variable in the params keyword argument:
df = pdsql.read_sql("""SELECT *
FROM table
WHERE field LIKE %(var)s""", conn, params={'var':'string%',})
Upvotes: 3
marcinowski
Reputation: 359
pd.read_sql("SELECT * FROM table WHERE field LIKE '{}'".format(var), conn)
This should do it. You were trying to pass a tuple to a function instead of string/unicode object.
Upvotes: 1
Related Questions
- Python SQL query returns "ORA-00936: missing expression" when I replace hard-coded value with variable
- ORA-01036: illegal variable name/number in python
- Illegal Variable Name/Number when Passing in Python List
- Declare a variable in oracle in a python SQL query
- Python cx_Oracle binding in SQL query gives ORA-01036: illegal variable name/number
- Error passing pandas query to sql database
- Binding variables to SQLAlchemy query for Pandas.read_sql
- Python Oracle SQL script pass argument by using same variable at once
- Python cx_Oracle SQL with bind string variable
- Error in using variables in SQL statement in Python?