Both mv and ml will not be recognized, since you haven't defined them as variables.

The second argument of execute statement is a dictionary, and all the elements of your plain query "UPDATE client SET musicVol = :mv , messageVol = :ml" escaped with a colon are being searched for in this dictionary's keys. The execute method did not found a key 'mv' nor 'ml' in this dictionary, therefore an error is raised.

This is the correct version:

db.my_session.execute(
    "UPDATE client SET musicVol = :mv, messageVol = :ml",
    {'mv': music_volume, 'ml': message_volume}
)
Answer from mpiskore on Stack Overflow
🌐
Stack Overflow
stackoverflow.com › questions › 29208847 › sqlalchemy-raw-query-and-parameters
python - Sqlalchemy, raw query and parameters - Stack Overflow
Top answer
1 of 1
37

Both mv and ml will not be recognized, since you haven't defined them as variables.

The second argument of execute statement is a dictionary, and all the elements of your plain query "UPDATE client SET musicVol = :mv , messageVol = :ml" escaped with a colon are being searched for in this dictionary's keys. The execute method did not found a key 'mv' nor 'ml' in this dictionary, therefore an error is raised.

This is the correct version:

db.my_session.execute(
    "UPDATE client SET musicVol = :mv, messageVol = :ml",
    {'mv': music_volume, 'ml': message_volume}
)
🌐
Reddit
reddit.com › r/flask › flask sql alchemy - how do i get raw sql (with real parameters?)
r/flask on Reddit: Flask sql alchemy - how do I get raw SQL (with real parameters?)
July 15, 2022 -

Flask sql alchemy - how do I get raw SQL (with real parameters?)

Top answer
1 of 4
4
You mean convert a SQL alchemy query string into the SQL query itself? In that case use the as_scalar call at the end. That will give you back a query that can be executed or nested.
2 of 4
1
Sqlalchemy is a library meant to make it so you don't have to use raw sql. But if memory serves its built on top of the psycopg2 library (at least that's what my errors told me). If you wanna just use that to connect to your db. It uses regular sql commands.
Videos
🌐 youtube.com
Tutorials - Aya Elsayed, Rhythm Patel: No More Raw SQL: SQLAlchemy, ...
June 28, 2024
16:39
🌐 YouTube
SQLAlchemy: The BEST SQL Database Library in Python - YouTube
April 5, 2024
16:19
🌐 YouTube
Raw SQL, SQL Query Builder, or ORM? - YouTube
March 31, 2023
99.4K
View all
View all
🌐
SQLAlchemy
docs.sqlalchemy.org › en › 21 › faq › sqlexpressions.html
SQL Expressions — SQLAlchemy 2.1 Documentation
This functionality is provided ... the raw sql string of a query may prove useful. The above approach has the caveats that it is only supported for basic types, such as ints and strings, and furthermore if a bindparam() without a pre-set value is used directly, it won’t be able to stringify that either. Methods of stringifying all parameters unconditionally ...
🌐
Stack Overflow
stackoverflow.com › questions › 23206562 › sqlalchemy-executing-raw-sql-with-parameter-bindings
python - sqlalchemy : executing raw sql with parameter bindings - Stack Overflow
Top answer
1 of 1
88

You need to get the connection object, call execute() on it and pass query parameters as keyword arguments:

Copyfrom alembic import op
from sqlalchemy.sql import text

conn = op.get_bind()
conn.execute(
    text(
        """
            insert into field_tags 
            (id, field_id, code, description) 
            values 
            (1, 'zasz', :code , :description)
        """
    ), 
    **t
)

Also see: How to execute raw SQL in SQLAlchemy-flask app.

🌐
Reddit
reddit.com › r/flask › [af] sqlalchemy: converting a query object to raw sql & parameters and then executing it
r/flask on Reddit: [AF] SQLAlchemy: Converting a query object to raw SQL & parameters and then executing it
April 19, 2018 -

I hope that it is OK to post this question here, although it is not strictly related to Flask. I couldn't find a better place to post it.

Context: Flask, SQLAlchemy and MySQL

I am looking for a way to convert a query object to raw SQL and parameters and save this in a dictionary, in order to be able to pickle dump and load the dictionary before executing the query. How can I achieve converting the query and then executing the text and parameters with SQLAlcehmy?

I'd be eternally grateful if anyone could point me in the right direction.

Top answer
1 of 3
5
print(query) will print out the query object as a string so there's probably a to string method somewhere... But I'm wondering why you'd want this at all, is it for performance? You can use Baked Queries for that, but I've never encountered a use case where performance of query building was the bottleneck in the application.
2 of 3
4
Look at http://docs.sqlalchemy.org/en/latest/faq/sqlexpressions.html The last code block of the section titled How do I render SQL expressions as strings, possibly with bound parameters inlined? has what you need. You can see them using the compile function to eventually print the query (shown in the last grey box) and still be able to execute it. Ideally, read that entire section.
🌐
Copdips
copdips.com › 2020 › 06 › compiling-sqlalchemy-query-to-nearly-real-raw-sql-query.html
Compiling SQLAlchemy query to nearly real raw sql query - A code to remember
June 8, 2020 - from datetime import date, datetime, timedelta from sqlalchemy.orm import Query def render_query(statement, db_session): """ Generate an SQL expression string with bound parameters rendered inline for the given SQLAlchemy statement. WARNING: This method of escaping is insecure, incomplete, ...
🌐
Stack Overflow
stackoverflow.com › questions › 4617291 › how-do-i-get-a-raw-compiled-sql-query-from-a-sqlalchemy-expression
python - How do I get a raw, compiled SQL query from a SQLAlchemy expression? - Stack Overflow
Top answer
1 of 13
226

The documentation uses literal_binds to print a query q including parameters:

print(q.statement.compile(compile_kwargs={"literal_binds": True}))

the above approach has the caveats that it is only supported for basic types, such as ints and strings, and furthermore if a bindparam() without a pre-set value is used directly, it won’t be able to stringify that either.

The documentation also issues this warning:

Never use this technique with string content received from untrusted input, such as from web forms or other user-input applications. SQLAlchemy’s facilities to coerce Python values into direct SQL string values are not secure against untrusted input and do not validate the type of data being passed. Always use bound parameters when programmatically invoking non-DDL SQL statements against a relational database.

2 of 13
191

This blogpost by Nicolas Cadou provides an updated answer.

Quoting from the blog post, this is suggested and worked for me:

from sqlalchemy.dialects import postgresql
print str(q.statement.compile(dialect=postgresql.dialect()))

Where q is defined as:

q = DBSession.query(model.Name).distinct(model.Name.value) \
             .order_by(model.Name.value)

Or just any kind of session.query().

🌐
tutorialpedia
tutorialpedia.org › blog › sqlalchemy-raw-query-and-parameters
SQLAlchemy Raw Queries: How to Properly Use Parameters for Secure Execution — tutorialpedia.org
Migrating legacy SQL code into a SQLAlchemy workflow. To execute raw queries, SQLAlchemy provides the text() construct (from sqlalchemy.text), which parses SQL strings and allows parameter binding.
Find elsewhere
🌐
SQLAlchemy
docs.sqlalchemy.org › en › 20 › faq › sqlexpressions.html
SQL Expressions — SQLAlchemy 2.0 Documentation
This functionality is provided ... the raw sql string of a query may prove useful. The above approach has the caveats that it is only supported for basic types, such as ints and strings, and furthermore if a bindparam() without a pre-set value is used directly, it won’t be able to stringify that either. Methods of stringifying all parameters unconditionally ...
🌐
GeeksforGeeks
geeksforgeeks.org › how-to-execute-raw-sql-in-sqlalchemy
How to Execute Raw SQL in SQLAlchemy - GeeksforGeeks
February 28, 2022 - from sqlalchemy import text # define a tuple of dictionary of # values to be inserted data = ( { "book_id": 6, "book_price": 400, "genre": "fiction", "book_name": "yoga is science" }, { "book_id": 7, "book_price": 800, "genre": "non-fiction", "book_name": "alchemy tutorials" }, ) # write the insert statement statement = text("""INSERT INTO BOOKS (book_id, book_price, genre, book_name) VALUES(:book_id, :book_price, :genre, :book_name)""") #insert the data one after other using execute # statement by unpacking dictionary elements for line in data: engine.execute(statement, **line) # write the SQ
🌐
DEV Community
dev.to › spaceofmiah › database-interaction-with-sqlalchemy-raw-dml-dql-4bc8
Database Interaction with SQLAlchemy - Raw DML & DQL - DEV Community
October 19, 2022 - SQLAlchemy recommends executing an external source (e.g human user, automation process) data using named parameter syntax denoted with :any_given_name when using textual construct.
🌐
Atlassian
atlassian.com › data › notebook › how to execute raw sql in sqlalchemy
How to Execute Raw SQL in SQLAlchemy | Atlassian
This tutorial offers a practical approach to executing raw SQL queries in SQLAlchemy, providing clear examples and tips for efficient database management.
🌐
Sentry
sentry.io › sentry answers › flask › execute raw sql in flask-sqlalchemy application
Execute raw SQL in Flask-SQLAlchemy application | Sentry
March 15, 2024 - It is possible to achieve the same ... product_category="Fruit") Parameter binding allows us to reuse the same SQL query with different values and mitigates the risks of SQL injection when working with untrusted data....
🌐
Stack Overflow
stackoverflow.com › questions › 40879901 › setting-input-parameter-types-in-sqlalchemy-raw-sql
python - Setting input parameter types in SQLAlchemy raw SQL - Stack Overflow
Top answer
1 of 2
6

The question is a bit old already, but knowing myself, I will probably come back for this in future. This was the bit of code I was looking for:

import sqlalchemy
from sqlalchemy.sql.expression import bindparam
from sqlalchemy.types import String
from sqlalchemy.dialects.postgresql import ARRAY

DB_URI = '...'
engine = sqlalchemy.create_engine(DB_URI)

sql = text("SELECT * FROM some_table WHERE userid = :userid").bindparams(bindparam("userid", String))
res = engine.execute(sql, userid=12345)

# in particular this bit is useful when you have a list of ids
sql = text("SELECT * FROM some_table WHERE userids = :userids").bindparams(bindparam("userids", ARRAY(String)))
res = engine.execute(sql, userids=[12345, 12346, 12347])
2 of 2
-4

From what I see, there are two kind of "duh" ways to do it if I am not missing anything -

1st Way WARNING THIS IS SUSCEPTIBLE TO SQL INJECTION ATTACKS, DO NOT USE IN PRODUCTION

userid=12345 # defining here
sql = text("SELECT * FROM some_table WHERE userid = '"+userid+"'")
res = engine.execute(sql)

2nd Way

sql = text("SELECT * FROM some_table WHERE userid = :userid")
res = engine.execute(sql, userid=str(12345))
🌐
ZetCode
zetcode.com › db › sqlalchemy › rawsql
Raw SQL in SQLAlchemy - ZetCode
With the connection's execute method, we deliver a simple SELECT SQL statement. ... With the fetchone method, we retrieve a single row. From this row, we get the scalar value. ... The value is printed to the console. ... We execute the script. In the next example, we connect to the PostgreSQL database and print its version. ... #!/usr/bin/python # -*- coding: utf-8 -*- from sqlalchemy import create_engine eng = create_engine('postgresql:///testdb') con = eng.connect() rs = con.execute("SELECT VERSION()") print rs.fetchone() con.close()
🌐
SQLAlchemy
docs.sqlalchemy.org › en › 14 › core › tutorial.html
SQL Expression Language Tutorial (1.x API) — SQLAlchemy 1.4 Documentation
Above, while the values method limited the VALUES clause to just two columns, the actual data we placed in values didn’t get rendered into the string; instead we got named bind parameters. As it turns out, our data is stored within our Insert construct, but it typically only comes out when the statement is actually executed; since the data consists of literal values, SQLAlchemy automatically generates bind parameters for them.
🌐
GitHub
github.com › sqlalchemy › sqlalchemy › discussions › 9802
Is it possible to execute a literal/raw sql statement? · sqlalchemy/sqlalchemy · Discussion #9802
Author   sqlalchemy
Top answer
1 of 1
1

if you truly want to talk to the driver and exec_driver_sql() is not good enough, get yourself a cursor and there you go.

that said, I dont see what the problem with text() is, colon signs get backslash escaped, and that's it. it's fully consistent on any driver:

conn.execute(
    text(f"CREATE VIEW some_name AS {definition.replace(':', '\:')}"),
)
🌐
TestDriven.io
testdriven.io › tips › e326346d-58d0-44e0-9508-3ac89d715907
Tips and Tricks - Execute raw SQL queries in SQLAlchemy | TestDriven.io
You can use raw queries while still using SQLAlchemy models.
🌐
MoldStud
moldstud.com › articles › developers faq › python web developers questions › unlocking advanced sqlalchemy features - master raw sql queries and more
Unlocking Advanced SQLAlchemy Features - Master Raw SQL Queries and More
June 16, 2025 - For example: from sqlalchemy import ... tuples for added flexibility. Always prefer parameterized placeholders (:param) over manual string formatting to avoid SQL injection vulnerabilities....
🌐
TutorialsPoint
tutorialspoint.com › sqlalchemy › sqlalchemy_core_using_textual_sql.htm
SQLAlchemy Core - Using Textual SQL
from sqlalchemy.sql import text ... students.lastname from students where students.name between ? and ? The values of x = A and y = L are passed as parameters. Result is a list of rows with names between A and L − ·...
Related queries
sqlalchemy text
sqlalchemy execute raw sql
sqlalchemy raw sql with parameters example
sqlalchemy raw sql with parameters oracle
sqlalchemy query example
flask-sqlalchemy raw sql
sqlalchemy session execute raw sql
sqlalchemy prepared statement