Parametrizing TOP value in tsql and pyodbc

2020-04-23 06:03发布

I try to parametrize number of top rows to get from table.

I tried it with

db.cursor.execute(
        '''
        SELECT TOP ? VALUE FROM mytable 
        WHERE param = ? 
        ''',
        top_value, param
    )

and it showed

pyodbc.ProgrammingError: ('42000', "[42000] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Incorrect syntax near '@P1'. (102) (SQLExecDirectW)")

with string interpolation like bellow it works.

    db.cursor.execute(
        f'''
        SELECT TOP {top_limit} VALUE FROM mytable 
        WHERE SITE_SK_FK = ? 
        ''',
        param
    )

Do I need to pass it as parameter, or string interpolation is good enough?

标签： python tsql pyodbc

2条回答

够拽才男人

2楼-- · 2020-04-23 06:20

You can use string formatting for the TOP (and a proper parameter for the WHERE) provided that top_limit is an int so there is very little danger of SQL Injection issues.

0人赞添加讨论(0) 举报

爱情/是我丢掉的垃圾

3楼-- · 2020-04-23 06:29

You can parameterize top by surrounding the value with parenthesis:

DECLARE @Top int = 5;

With Tally(N) AS
(
    SELECT ROW_NUMBER() OVER(ORDER BY @@SPID)
    FROM sys.objects
)

-- This works just fine
SELECT TOP (@Top) N
FROM Tally;

-- This will raise an error: Incorrect syntax near '@Top'
SELECT TOP @Top N 
FROM Tally;

Applied to the code you've posted:

SELECT TOP (?) VALUE 
FROM mytable 
WHERE param = ?

0人赞添加讨论(0) 举报

Parametrizing TOP value in tsql and pyodbc

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间