1 Answer

This user has contributed 1789 experience points and received over 8 likes
Please parameterize your query to avoid SQL injection attacks.
if end_at and start_at:
    # psycopg2 fills the %s placeholders itself: the values are passed as a
    # separate tuple and are never parsed as part of the SQL text.
    currency = cursor.execute("""SELECT rates,date,ticker
        FROM currency
        WHERE ticker = %s
        AND date BETWEEN SYMMETRIC %s AND %s """, (base, start_at, end_at, ))
    # Note: psycopg2's execute() returns None; the rows come from cursor.fetchall().
    print(cursor.query)  # <--- This should log the complete query sent to the db server
To diagnose the problem at hand, run something like this to see what you are sending, but do not let your application go live until every execute() call has been changed to the parameterized form.
if end_at and start_at:
    # Diagnostic only: f-string interpolation puts the values straight into the
    # SQL text, which is exactly the SQL-injection risk described above.
    query = f"""SELECT rates,date,ticker
        FROM currency
        WHERE ticker = '{base}'
        AND date BETWEEN SYMMETRIC '{start_at}' AND '{end_at}' """
    print(query)
    currency = cursor.execute(query)
After fixing your query to use parameters, to see what the query sends to the server, use LoggingConnection as a drop-in replacement for your existing psycopg2.Connection, as lifted from "How do I use Psycopg2's LoggingConnection?".
import logging
import psycopg2
from psycopg2.extras import LoggingConnection

logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger(__name__)

# LoggingConnection logs every statement, with parameters already merged in,
# to the logger handed to initialize().
conn = psycopg2.connect(connection_factory=LoggingConnection, database='some_database')
conn.initialize(logger)
c = conn.cursor()
c.execute("select count(*) from some_table where id > %s", (1000, ))
With my basic configuration, the log output goes to the console:
DEBUG:__main__:b'select count(*) from some_table where id > 1000'
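The following is an added, self-contained example, not code from the answer above. It demonstrates both points of the answer (parameterize the query; log what the server actually received) against the question's currency table using the standard-library sqlite3 module as a stand-in for psycopg2, so it runs offline without a PostgreSQL server. The assumptions are: sqlite3 uses ? placeholders where psycopg2 uses %s, SQLite has no BETWEEN SYMMETRIC so the bound reordering is done in Python, and sqlite3's set_trace_callback plays the role of LoggingConnection. The sample rows are constructed for the example.

```python
import sqlite3

# Constructed sample rows (not from the original answer) mirroring the
# columns used in the question's query: ticker, date, rates.
SAMPLE_ROWS = [
    ("EUR", "2020-01-01", 1.10),
    ("EUR", "2020-01-02", 1.12),
    ("EUR", "2020-01-03", 1.11),
    ("O'NEIL", "2020-01-02", 9.99),  # an ordinary value containing a quote
]


def make_db(log):
    """Create an in-memory SQLite database and attach a statement trace.

    set_trace_callback is SQLite's counterpart to psycopg2's LoggingConnection:
    every statement text is appended to `log` as the engine runs it, which is
    the simplest way to see what the server actually received."""
    conn = sqlite3.connect(":memory:")
    conn.set_trace_callback(log.append)
    conn.execute("CREATE TABLE currency (ticker TEXT, date TEXT, rates REAL)")
    conn.executemany("INSERT INTO currency VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def rates_unsafe(conn, base, start_at, end_at):
    """The pattern the answer warns against: values interpolated into the SQL
    text, so a quote character in them changes the statement's structure."""
    query = f"""SELECT rates, date, ticker FROM currency
                WHERE ticker = '{base}'
                AND date BETWEEN '{start_at}' AND '{end_at}'"""
    return conn.execute(query).fetchall()


def rates_safe(conn, base, start_at, end_at):
    """Parameterised form. SQLite uses ? placeholders where psycopg2 uses %s;
    the values travel separately and are never parsed as SQL.
    PostgreSQL's BETWEEN SYMMETRIC accepts reversed bounds; SQLite has no
    SYMMETRIC, so the reorder is done here in Python instead."""
    lo, hi = sorted((start_at, end_at))
    return conn.execute(
        """SELECT rates, date, ticker FROM currency
           WHERE ticker = ? AND date BETWEEN ? AND ?""",
        (base, lo, hi),
    ).fetchall()


def quote_breaks_unsafe(conn):
    """True if the interpolating version fails on a value with an apostrophe.
    A quote altering the statement's structure is the mechanism behind SQL
    injection; the parameterised version returns the row normally."""
    try:
        rates_unsafe(conn, "O'NEIL", "2020-01-01", "2020-01-03")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    trace = []
    db = make_db(trace)
    print(rates_safe(db, "EUR", "2020-01-03", "2020-01-01"))  # reversed bounds still work
    print(rates_safe(db, "O'NEIL", "2020-01-01", "2020-01-03"))
    print("interpolated query breaks on a quote:", quote_breaks_unsafe(db))
    for statement in trace:
        print("TRACE:", statement)
```

The trace list is the offline equivalent of the DEBUG line shown above: inspect it (or print it) to confirm the statement text that reached the engine, rather than the Python string you built. On CPython 3.10 and newer the traced text has the bound values expanded in, which is what makes it useful for the diagnosis the answer describes.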