SQL无序通配符搜索（术语的变量个数）

Question

如果要搜索包含单词“十六进制”和“螺母”我会用这样的查询的描述：

cursor.execute("SELECT description FROM %s WHERE description LIKE %?% AND 
    description LIKE %?%" % table_name , ["hex", "nut" ]) 

但是，如果用户现在想要搜索包含5个术语的描述？

以前在纯SQL我写了这样的事情，产生我的结果：

base = """ 
SELECT description FROM {0} 
WHERE 
""".format(table_name) 
command = base 
# Adding "AND" for each term 
for i in range(len(search_terms)): 
    # Last portion of the SQL query 
    if i == (len(search_terms) - 1): 
     command += " description LIKE '%{0}%'".format(search_terms[i]) 
    else: 
     command += " description LIKE '%{0}%' AND ".format(search_terms[i]) 
command = command.replace("\n", "") 
cursor.execute(command) 

但是我希望有使用SQLite和SQL查询这样做的更好的方法。我知道我可以将所有数据加载到内存中，并使用纯Python来实现我想要的，但我想要SQL。那么有没有一个优雅和安全的方式来做到这一点？

我是新来的stackoverflow和SQL，让我知道如果我问我的问题是错的。

Answer 1

考虑一个列表理解与蟒蛇的str.join：

table_name = 'prices'         # EXAMPLE 
command = """ SELECT description FROM {0} WHERE """.format(table_name) 

search_terms = ['hex', 'nut', 'screw', 'bolt', 'nail'] # EXAMPLE 
where = ' AND '.join(["description LIKE '%?%'" for i in search_terms]) 

command = command + where  
print(command) 
# SELECT description FROM prices WHERE description LIKE %?% AND description LIKE %?% 
#   AND description LIKE %?% AND description LIKE %?% AND description LIKE %?% 

cursor.execute(command, search_terms)     # PARAMETERIZED QUERY