Trying to build an SQL statement for execute. This works but now sure how pythonic it might be:
user_fields = ("id", "name", "email", "password", "phone")
fields = [field for field in user_fields if field != "id"] # The only field we don't want is "id"
percent_s = ["%s"] * len(fields)
fields = ",".join(fields)
percent_s = ",".join(percent_s)
sql = "INSERT INTO user_table (" + fields + ") VALUES (" + percent_s + ")"
cursor.execute(sql, row_data)
You could replace:
sql = "INSERT INTO user_table (" + fields + ") VALUES (" + percent_s + ")"
with
sql = "INSERT INTO user_table ({}) VALUES ({})".format(fields,percent_s)
If your user_fields has a fixed order, row_data must have a corresponding order. You have to ensure this somewhere. Then the position of id is also fixed. Then you can use string formatting, which leads to:
user_fields = ("id", "name", "email", "password", "phone")
sql = "INSERT INTO user_table (%s) VALUES (%s)" % (','.join(user_fields[1:], ','.join(['%s'] * (len(user_fields) - 1))
cursor.execute(sql, row_data)
%Por something, which inserts a number of comma-separated placeholders equal to the number of query parameters passed. A variant that lets you specify how many placeholders as a parameter would also be nice.{}and.format. In other words, I am currently seeing it mostly as a visual differentiator.