Here's the python code:
cursor.execute(textwrap.dedent("""
select *
from bundles
where bundle_id = any(%(list_of_bundle_ids))
"""), {'list_of_bundle_ids': [2,3,4,5,6,7]})
Is there more of a risk of SQL injection here by passing in a list of integers list this?
Also, is there some simple way I can pass in a list of strings that could be converted to integers, like this:
["2", "33", "444"]
When I tried passing a list containing a string, I got an "operator does not exist" error.
Finally, I feel like recently I read a blog post that described how using "= any(array[...])" was much slower than using some other approach.
But now I can't find that blog post, and I don't remember the other approach. Any ideas?
Thanks for the help!
Matt
--
W. Matthew Wilson
matt@tplus1.comhttp://tplus1.com