Click here to Skip to main content
14,771,764 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi Team,

I and trying to fetch the data from the backend(oracle) and filter on date column.
backend data have datecolumn which have value '01-Jan-2016', but when i fetch the data its giving me value as " datetime.datetime(2016, 1, 1, 0, 0) " .
I am finding it difficult to use where condition on date column.
Please suggest me correct code.

What I have tried:

c.execute("SELECT *FROM DN_T_DSRDTL WHERE ARECOD = '%s'" % areaCD + " and " +" DSRSTA ='%s'" % dtsType + " and " + " invnum ='%s'" % invnum +
" and " + " DSRDAT = '%s'" %startDate )
Posted
Updated 18-Apr-20 5:56am

1 solution

2 very common problems are here.

The first is that your code is vulnerable to SQL Injection. You should NEVER EVER create an SQL query by piecing command strings and user data together. If you slip in a few special characters you can easily open up the entire db for all to view or delete.
As I am not fluent in Python I cannot tell you the best way to rewrite this; however this appears to be a very good sample to follow: OpenStack Docs: Parameterize Database Queries[^]

The second is DateTime. Most programming languages and databases actually store and work with DateTime objects as a number; and the only time there is a format to it is when it is converted to text for humans to read.
As previously stated, I am not fluent in Python. And you have not mentioned what type of DB you are working with. But I can tell you generally that your DB should have the appropriate data-type for your date, and when your program uses a parameterized query with the correct data-type and the database is of the same data-type; the database driver will take care of it 99.999% of the time.
   
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900