MySQL參數化查詢我很難使用MySQLdb模塊將信息插入到我的數據庫中。我需要在表中插入6個變量。cursor.execute ("""
INSERT INTO Songs (SongName, SongArtist, SongAlbum, SongGenre, SongLength, SongLocation)
VALUES
(var1, var2, var3, var4, var5, var6)
""")有誰能幫我解決這里的語法問題嗎?
5 回答
千巷貓影
TA貢獻1829條經驗 獲得超7個贊
不正確(涉及安全問題)
c.execute("SELECT * FROM foo WHERE bar = %s AND baz = %s" % (param1, param2))正確(帶轉義)
c.execute("SELECT * FROM foo WHERE bar = %s AND baz = %s", (param1, param2))printfpython-sqlite).
茅侃侃
TA貢獻1842條經驗 獲得超22個贊
some_dictionary_with_the_data = {
'name': 'awesome song',
'artist': 'some band',
etc...}cursor.execute ("""
INSERT INTO Songs (SongName, SongArtist, SongAlbum, SongGenre, SongLength, SongLocation)
VALUES
(%(name)s, %(artist)s, %(album)s, %(genre)s, %(length)s, %(location)s)
""", some_dictionary_with_the_data)
青春有我
TA貢獻1784條經驗 獲得超8個贊
cursor.execute ("""
UPDATE animal SET name = %s
WHERE name = %s
""", ("snake", "turtle"))
print "Number of rows updated: %d" % cursor.rowcountcursor.execute ("""
INSERT INTO Songs (SongName, SongArtist, SongAlbum, SongGenre, SongLength, SongLocation)
VALUES
(%s, %s, %s, %s, %s, %s)
""", (var1, var2, var3, var4, var5, var6))添加回答
舉報
0/150
提交
取消