return version(con)
-def sql(query: str, values: Sequence = (), version_check: bool = True) -> tuple:
+def sql(
+ query: str,
+ values: Sequence = (),
+ version_check: bool = True,
+ params: Sequence = (),
+) -> tuple:
"""
Executes a SQL command to usda.sqlite3
@param query: Input SQL query
- @param values: Union[tuple, list] Leave as empty tuple for no values,
- e.g. bare query. Populate a tuple for a single insert. And use a list for
- cur.executemany()
- @param version_check: Ignore mismatch version, useful for "meta" commands
+ @param values: Union[tuple, list] (Deprecated: use params)
+ @param version_check: Ignore mismatch version
+ @param params: bind parameters
@return: List of selected SQL items
"""
con = usda_sqlite_connect(version_check=version_check)
+ # Support params alias
+ _values = params if params else values
+
# TODO: support argument: _sql(..., params=params, ...)
- return _sql(con, query, db_name="usda", values=values)
+ return _sql(con, query, db_name="usda", values=_values)
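Review bot: The alias resolution `_values = params if params else values` cannot tell an explicit `params=()` from an omitted one, so a caller who passes both arguments silently gets `values` with no signal, and the deprecation of `values` is only stated in the docstring, never surfaced at runtime. Replace the two new lines with `if params and values: raise ValueError("pass either params or values, not both")` followed by `_values = params or values`, and emit `warnings.warn("values is deprecated; use params", DeprecationWarning, stacklevel=2)` when `values` is non-empty (that needs `import warnings` at file top, outside this hunk). The rewritten `@param values` line also drops the old contract that a list routes to `cur.executemany()`; since `_sql(..., values=_values)` is unchanged that distinction presumably still holds and should stay documented, e.g. `@param values: Union[tuple, list] (Deprecated: use params). A list still selects executemany.` The TODO on the line above the return is now partly done by this change and can name what is still missing.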
if not _food_ids:
query = "SELECT * FROM food_des;"
+ params = ()
else:
- # TODO: does sqlite3 driver support this? cursor.executemany() ?
- query = "SELECT * FROM food_des WHERE id IN (%s);"
- food_ids = ",".join(str(x) for x in set(_food_ids))
- query = query % food_ids
+ # Generate placeholders for IN clause
+ placeholders = ",".join("?" for _ in _food_ids)
+ query = f"SELECT * FROM food_des WHERE id IN ({placeholders});" # nosec: B608
+ params = tuple(_food_ids)
- rows, _, _, _ = sql(query)
+ rows, _, _, _ = sql(query, params=params)
return list(rows)
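Review bot: Dropping the `set()` the removed lines applied means duplicate ids now each get their own `?` and bound value, and because `_food_ids` is iterated twice (once in the placeholder join, once in `tuple(_food_ids)`) an iterator argument would produce placeholders but an empty parameter tuple; materialize once with `ids = tuple(dict.fromkeys(_food_ids))`, then `placeholders = ",".join("?" * len(ids))` and `params = ids`. The same double iteration without dedup appears in the two following hunks (`serv.food_id IN (%s)` and `food_des.id IN (%s)`). SQLite also caps the number of bound variables per statement (SQLITE_MAX_VARIABLE_NUMBER), so a very long id list will now fail with "too many SQL variables" where the old string-built query did not; chunking the id list is the usual fix. The `# nosec: B608` suppression is justified here because only `?` placeholders are interpolated, but it should say so, e.g. `# nosec B608 - only "?" placeholders are interpolated; ids are bound as params`.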
WHERE
serv.food_id IN (%s);
"""
- # FIXME: support this kind of thing by library code & parameterized queries
- food_ids = ",".join(str(x) for x in set(_food_ids))
- rows, _, _, _ = sql(query % food_ids)
+ # Dynamically generate placeholders
+ placeholders = ",".join("?" for _ in _food_ids)
+ query = query % placeholders
+ rows, _, _, _ = sql(query, params=tuple(_food_ids))
return list(rows)
WHERE
food_des.id IN (%s);
"""
- # TODO: parameterized queries
- food_ids_concat = ",".join(str(x) for x in set(food_ids))
- rows, _, _, _ = sql(query % food_ids_concat)
+ # parameterized queries
+ placeholders = ",".join("?" for _ in food_ids)
+ query = query % placeholders
+ rows, _, _, _ = sql(query, params=tuple(food_ids))
return list(rows)
FROM
nut_data
WHERE
- nutr_id = %s
- OR nutr_id = %s
+ nutr_id = ?
+ OR nutr_id = ?
ORDER BY
food_id;
"""
- # TODO: parameterized queries
- rows, _, _, _ = sql(query % (NUTR_ID_KCAL, nutrient_id))
+ # Parameterized query
+ rows, _, _, _ = sql(query, params=(NUTR_ID_KCAL, nutrient_id))
return list(rows)
LEFT JOIN nut_data kcal ON food.id = kcal.food_id
AND kcal.nutr_id = 208
WHERE
- nut_data.nutr_id = %s
+ nut_data.nutr_id = ?
ORDER BY
nut_data.nutr_val DESC;
"""
- # TODO: parameterized queries
- rows, _, _, _ = sql(query % nutr_id)
+ # Parameterized query
+ rows, _, _, _ = sql(query, params=(nutr_id,))
return list(rows)
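Review bot: The join condition `AND kcal.nutr_id = 208` two context lines above the parameterized `WHERE` is still a hard-coded literal, while the preceding `nut_data` hunk binds the same value as `NUTR_ID_KCAL`; for consistency bind it here too, `AND kcal.nutr_id = ?` with `params=(NUTR_ID_KCAL, nutr_id)` (positional `?` binds in textual order, so the join value comes first). The same literal appears in the following hunk (`kcal.nutr_id = 208` beside `kcal.nutr_val > 0`) and would take the same change. The enclosing function begins outside the hunk, so the full query text is not visible here.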
AND kcal.nutr_id = 208
AND kcal.nutr_val > 0
WHERE
- nut_data.nutr_id = %s
+ nut_data.nutr_id = ?
ORDER BY
(nut_data.nutr_val / kcal.nutr_val) DESC;
"""
- # TODO: parameterized queries
- rows, _, _, _ = sql(query % nutr_id)
+ # Parameterized query
+ rows, _, _, _ = sql(query, params=(nutr_id,))
return list(rows)