MySQL參數(shù)化查詢我很難使用MySQLdb模塊將信息插入到我的數(shù)據(jù)庫中。我需要在表中插入6個(gè)變量。cursor.execute ("""
INSERT INTO Songs (SongName, SongArtist, SongAlbum, SongGenre, SongLength, SongLocation)
VALUES
(var1, var2, var3, var4, var5, var6)
""")有誰能幫我解決這里的語法問題嗎?
5 回答
千巷貓影
TA貢獻(xiàn)1829條經(jīng)驗(yàn) 獲得超7個(gè)贊
不正確(涉及安全問題)
c.execute("SELECT * FROM foo WHERE bar = %s AND baz = %s" % (param1, param2))正確(帶轉(zhuǎn)義)
c.execute("SELECT * FROM foo WHERE bar = %s AND baz = %s", (param1, param2))printfpython-sqlite).
茅侃侃
TA貢獻(xiàn)1842條經(jīng)驗(yàn) 獲得超22個(gè)贊
some_dictionary_with_the_data = {
'name': 'awesome song',
'artist': 'some band',
etc...}cursor.execute ("""
INSERT INTO Songs (SongName, SongArtist, SongAlbum, SongGenre, SongLength, SongLocation)
VALUES
(%(name)s, %(artist)s, %(album)s, %(genre)s, %(length)s, %(location)s)
""", some_dictionary_with_the_data)
青春有我
TA貢獻(xiàn)1784條經(jīng)驗(yàn) 獲得超8個(gè)贊
cursor.execute ("""
UPDATE animal SET name = %s
WHERE name = %s
""", ("snake", "turtle"))
print "Number of rows updated: %d" % cursor.rowcountcursor.execute ("""
INSERT INTO Songs (SongName, SongArtist, SongAlbum, SongGenre, SongLength, SongLocation)
VALUES
(%s, %s, %s, %s, %s, %s)
""", (var1, var2, var3, var4, var5, var6))添加回答
舉報(bào)
0/150
提交
取消