From 13c453d6105a49decb1df1694f8597c46802b281 Mon Sep 17 00:00:00 2001
From: shortcutme
Date: Sat, 26 Jan 2019 20:40:34 +0100
Subject: [PATCH] Embed query values if more than 100 specified
---
 src/Db/DbCursor.py | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/Db/DbCursor.py b/src/Db/DbCursor.py
index d0c57d9c..88d898ca 100644
--- a/src/Db/DbCursor.py
+++ b/src/Db/DbCursor.py
@@ -12,6 +12,12 @@ class DbCursor:
 self.cursor = conn.cursor()
 self.logging = False
+ def quoteValue(self, value):
+ if type(value) is int:
+ return str(value)
+ else:
+ return "'%s'" % value.replace("'", "''")
+
 def execute(self, query, params=None):
 self.db.last_query_time = time.time()
 if isinstance(params, dict) and "?" in query: # Make easier select and insert by allowing dict params
@@ -22,10 +28,20 @@ class DbCursor:
 for key, value in params.items():
 if type(value) is list:
 if key.startswith("not__"):
- query_wheres.append(key.replace("not__", "") + " NOT IN (" + ",".join(["?"] * len(value)) + ")")
+ field = key.replace("not__", "")
+ operator = "NOT IN"
 else:
- query_wheres.append(key + " IN (" + ",".join(["?"] * len(value)) + ")")
- values += value
+ field = key
+ operator = "IN"
+ if len(value) > 100:
+ # Embed values in query to avoid "too many SQL variables" error
+ query_values = ",".join(map(self.quoteValue, value))
+ else:
+ query_values = ",".join(["?"] * len(value))
+ values += value
+ query_wheres.append("%s %s (%s)" %
+ (field, operator, query_values)
+ )
 else:
 if key.startswith("not__"):
 query_wheres.append(key.replace("not__", "") + " != ?")
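Review bot: `quoteValue` accepts only an exact `int` or an object with a text `.replace` method, so a list of more than 100 entries containing `None`, a `bool`, a `float` or bytes fails here with `AttributeError`/`TypeError`, although the same values bind through `?` in shorter lists. Because this helper is now the only barrier between list contents and the SQL text, it should state what it accepts: test `isinstance(value, bool)` before the integer case, return `NULL` for `None`, and finish with `raise TypeError("Cannot embed %s in query" % type(value).__name__)` instead of an implicit attribute lookup. Doubling single quotes is the right escape for an SQLite string literal, so a docstring should say the function is SQLite-specific and is for values only, never for identifiers.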
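Review bot: Lists longer than 100 entries bypass parameter binding at `if len(value) > 100:`, so the injection safety of a query now depends on list length and on `quoteValue` rather than on the driver; the comment there should say so explicitly. The `100` is a magic number well below SQLite's historical default `SQLITE_MAX_VARIABLE_NUMBER` of 999, and that limit counts every `?` in the statement rather than one list. A named constant such as `MAX_BOUND_LIST_VALUES = 100`, with a comment tying it to the SQLite limit, would make the trade-off visible, and comparing against the running `len(values)` would match what the limit measures. `field` is still interpolated from the dict key unchanged, as it was before this commit, so keys must remain code-controlled; the enclosing `execute` begins and ends outside this hunk.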