From: Shane Jaroch Date: Sun, 11 Jan 2026 09:08:29 +0000 (-0500) Subject: small additions X-Git-Url: https://git.nutra.tk/v1?a=commitdiff_plain;h=26560e1a6fbb14a9d929dd6c641bae8c61b8d433;p=nutratech%2Fcli.git small additions --- diff --git a/ntclient/persistence/sql/usda/__init__.py b/ntclient/persistence/sql/usda/__init__.py index ac41107..4434a41 100644 --- a/ntclient/persistence/sql/usda/__init__.py +++ b/ntclient/persistence/sql/usda/__init__.py @@ -98,19 +98,26 @@ def usda_ver() -> str: return version(con) -def sql(query: str, values: Sequence = (), version_check: bool = True) -> tuple: +def sql( + query: str, + values: Sequence = (), + version_check: bool = True, + params: Sequence = (), +) -> tuple: """ Executes a SQL command to usda.sqlite3 @param query: Input SQL query - @param values: Union[tuple, list] Leave as empty tuple for no values, - e.g. bare query. Populate a tuple for a single insert. And use a list for - cur.executemany() - @param version_check: Ignore mismatch version, useful for "meta" commands + @param values: Union[tuple, list] (Deprecated: use params) + @param version_check: Ignore mismatch version + @param params: bind parameters @return: List of selected SQL items """ con = usda_sqlite_connect(version_check=version_check) + # Support params alias + _values = params if params else values + # TODO: support argument: _sql(..., params=params, ...) - return _sql(con, query, db_name="usda", values=values) + return _sql(con, query, db_name="usda", values=_values) diff --git a/ntclient/persistence/sql/usda/funcs.py b/ntclient/persistence/sql/usda/funcs.py index d8ba7fd..6ef2570 100644 --- a/ntclient/persistence/sql/usda/funcs.py +++ b/ntclient/persistence/sql/usda/funcs.py 
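Review bot: In `sql()` in `ntclient/persistence/sql/usda/__init__.py`, `_values = params if params else values` chooses by truthiness, so a caller that passes both `values` and `params` has `values` dropped without any error. Reject the ambiguous call before opening the connection, e.g. `if params and values: raise ValueError("pass either params or values, not both")`. The rewritten docstring also drops the old explanation of tuple versus list (`cur.executemany()`) handling. If `_sql` still treats a list that way (its body is not in this diff), carry that sentence over to `@param params` and state there that the values are bound by the driver and never interpolated into `query`.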
@@ -20,13 +20,14 @@ def sql_food_details(_food_ids: set = None) -> list: # type: ignore if not _food_ids: query = "SELECT * FROM food_des;" + params = () else: - # TODO: does sqlite3 driver support this? cursor.executemany() ? - query = "SELECT * FROM food_des WHERE id IN (%s);" - food_ids = ",".join(str(x) for x in set(_food_ids)) - query = query % food_ids + # Generate placeholders for IN clause + placeholders = ",".join("?" for _ in _food_ids) + query = f"SELECT * FROM food_des WHERE id IN ({placeholders});" # nosec: B608 + params = tuple(_food_ids) - rows, _, _, _ = sql(query) + rows, _, _, _ = sql(query, params=params) return list(rows) @@ -61,9 +62,10 @@ FROM WHERE serv.food_id IN (%s); """ - # FIXME: support this kind of thing by library code & parameterized queries - food_ids = ",".join(str(x) for x in set(_food_ids)) - rows, _, _, _ = sql(query % food_ids) + # Dynamically generate placeholders + placeholders = ",".join("?" for _ in _food_ids) + query = query % placeholders + rows, _, _, _ = sql(query, params=tuple(_food_ids)) return list(rows) @@ -80,9 +82,10 @@ FROM WHERE food_des.id IN (%s); """ - # TODO: parameterized queries - food_ids_concat = ",".join(str(x) for x in set(food_ids)) - rows, _, _, _ = sql(query % food_ids_concat) + # parameterized queries + placeholders = ",".join("?" for _ in food_ids) + query = query % placeholders + rows, _, _, _ = sql(query, params=tuple(food_ids)) return list(rows) @@ -100,13 +103,13 @@ SELECT FROM nut_data WHERE - nutr_id = %s - OR nutr_id = %s + nutr_id = ? + OR nutr_id = ? ORDER BY food_id; """ - # TODO: parameterized queries - rows, _, _, _ = sql(query % (NUTR_ID_KCAL, nutrient_id)) + # Parameterized query + rows, _, _, _ = sql(query, params=(NUTR_ID_KCAL, nutrient_id)) return list(rows) 
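Review bot: In `sql_food_details` the placeholder string and the bound tuple come from two separate passes over `_food_ids`, and the `set(...)` de-duplication the old code applied is gone; the hunks for `serv.food_id IN (%s)` and `food_des.id IN (%s)` repeat the pattern. If any caller passes a one-shot iterator, the first pass empties it and the number of bound values no longer matches the placeholders. Materialise once and derive both from that: `ids = tuple(set(_food_ids))`, `placeholders = ",".join("?" * len(ids))`, then `sql(query, params=ids)`. SQLite also caps the number of bound variables per statement, so a very large id set would fail at execute time; chunking the ids or documenting the cap would cover that. The function bodies for all three queries begin outside their hunks.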
@@ -129,12 +132,12 @@ FROM LEFT JOIN nut_data kcal ON food.id = kcal.food_id AND kcal.nutr_id = 208 WHERE - nut_data.nutr_id = %s + nut_data.nutr_id = ? ORDER BY nut_data.nutr_val DESC; """ - # TODO: parameterized queries - rows, _, _, _ = sql(query % nutr_id) + # Parameterized query + rows, _, _, _ = sql(query, params=(nutr_id,)) return list(rows) @@ -159,10 +162,10 @@ FROM AND kcal.nutr_id = 208 AND kcal.nutr_val > 0 WHERE - nut_data.nutr_id = %s + nut_data.nutr_id = ? ORDER BY (nut_data.nutr_val / kcal.nutr_val) DESC; """ - # TODO: parameterized queries - rows, _, _, _ = sql(query % nutr_id) + # Parameterized query + rows, _, _, _ = sql(query, params=(nutr_id,)) return list(rows) diff --git a/ntclient/services/analyze.py b/ntclient/services/analyze.py index bfe8a24..b09f0c0 100644 --- a/ntclient/services/analyze.py +++ b/ntclient/services/analyze.py @@ -19,12 +19,7 @@ from ntclient import ( NUTR_ID_KCAL, NUTR_ID_PROTEIN, ) -from ntclient.core.nutprogbar import ( - nutrient_progress_bars, - print_header, - print_macro_bar, - print_nutrient_bar, -) +from ntclient.core.nutprogbar import print_header, print_macro_bar, print_nutrient_bar from ntclient.persistence.sql.usda.funcs import ( sql_analyze_foods, sql_food_details,
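Review bot: In the `@@ -129` and `@@ -159` hunks the join condition still hard-codes `kcal.nutr_id = 208` while the filter next to it is now bound; the earlier `nutr_id = ? OR nutr_id = ?` query passes `NUTR_ID_KCAL` as a parameter for what looks like the same id. Binding it here too, `AND kcal.nutr_id = ?` with `params=(NUTR_ID_KCAL, nutr_id)`, would keep a single source for that constant; the order matters because the join placeholder precedes the `WHERE` one. This assumes `NUTR_ID_KCAL` is 208, which the diff does not show. Both functions begin outside their hunks.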