Imploding a list for use in a Python MySQL IN clause

Use the list_of_ids directly:

format_strings=",".join(['%s'] * len(list_of_ids))
cursor.execute("DELETE FROM WHERE baz IN (%s)" % format_strings,

That way you avoid having to quote yourself, and avoid all kinds of sql injection.

Note that the data (list_of_ids) is going directly to mysql’s driver, as a parameter (not in the query text) so there is no injection. You can leave any chars you want in the string, no need to remove or quote chars.

Leave a Comment