编辑:请,正如@rspeer在评论中提到的那样,请务必采取预防措施以保护自己免受SQL注入攻击。
使用pg8000(与PostgreSQL数据库引擎的DB-API
2.0兼容的Pure-Python接口)进行测试:
这是将多个参数传递给“ IN”子句的推荐方法。
params = [3,2,1]stmt = 'SELECt * FROM table WHERe id IN (%s)' % ','.join('%s' for i in params)cursor.execute(stmt, params)另一个编辑(经过充分测试且有效的示例):
>>> from pg8000 import DBAPI>>> conn = DBAPI.connect(user="a", database="d", host="localhost", password="p")>>> c = conn.cursor()>>> prms = [1,2,3]>>> stmt = 'SELECt * FROM table WHERe id IN (%s)' % ','.join('%s' for i in prms)>>> c.execute(stmt,prms)>>> c.fetchall()((1, u'myitem1'), (2, u'myitem2'), (3, u'myitem3'))
