python 9 lines · 1 tab

Parameterized queries in Python with psycopg

Kai Nakamura Apr 2026
1 tab
import psycopg

with psycopg.connect(conninfo) as connection:
    with connection.cursor() as cursor:
        cursor.execute(
            'SELECT id, email FROM users WHERE email = %s',
            (email,),
        )
        record = cursor.fetchone()
1 file · python Explain with highlit

Even outside ORMs, parameterized database access needs to be the default habit. The query string should describe structure while the driver binds user values separately. That sounds basic, but it is still where too many internal tools quietly fail security review.

Share this code

Here's the card — post it anywhere.

Parameterized queries in Python with psycopg — share card
Link copied