Parameterized Statements
The following code example shows how to bind parameters to create parameterized statements.
Single-Use Statements
The execute method accepts an additional sequence for binding query parameters to values.
cursor.execute("SELECT Id, Name FROM Files WHERE ParentPath = ?", ("/Test Folder",)) for (Id, Name) in cursor: print("Id = {}, Name = {}".format(Id, Name))
Multi-Use Statements
The executemany method can be used to execute the same query repeatedly with different sets of parameters. Instead of a sequence of parameters, executemany accepts a nested sequence of parameters which are used for each execution.
executemany works only with INSERT, UPDATE and DELETE statements. It cannot be used with any operation that returns results, such as a SELECT or an EXECUTE.
params = [ ("John 1",), ("John 2",), ("John 3",), ] cursor.executemany("INSERT INTO Files (Name) VALUES (?)", params)