Python-MySQL :删除查询中变量值周围的单引号 while 运行 db.execute(str, vars)
Python-MySQL : removing single quotes around variable values in query while running db.execute(str, vars)
我是运行这个码
def details(self, dbsettings, payload):
res = None
with UseDatabase(dbsettings) as db:
sql = "select * from %(tablename)s where userid = %(userid)s"
result = db.run_query_vals(sql, payload)
res = result.fetchall()
return res
但出现错误
SQLError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''statuser' where userid = '14'' at line 1
传递的参数是:
sql = "select * from %(tablename)s where userid = %(userid)s"
payload = {'tablename' : 'statuser', 'userid' : 14}
据我所知,传递给 MySQL 的查询是按照
select * from 'statuser' where userid = '14'
这是我得到错误的地方; table 名称不应包含在引号中。如何在没有 quotes/make 反引号的情况下包含名称?
(我不想硬编码 table 名称 - 这是一个变量,在 class 创建期间根据不同的参数进行初始化)。有什么帮助吗?
您可以使用 python 中的字符串中的 .format():
def details(self, dbsettings, payload):
res = None
with UseDatabase(dbsettings) as db:
sql = "select * from {tablename} where userid = {userid}"
sql = sql.format(**payload)
# result = db.run_query_vals(sql, payload) # Method to run query
res = result.fetchall()
return res
我在pymysql中遇到了同样的问题,找到了解决方案:
重写class'pymysql.connections.Connection'中的转义方法,明显是在你的字符串周围添加了“'”。
不知道对你的情况是否有帮助,只是分享一个可行的方法
类似问题:
这是我的代码:
from pymysql.connections import Connection, converters
class MyConnect(Connection):
def escape(self, obj, mapping=None):
"""Escape whatever value you pass to it.
Non-standard, for internal use; do not use this in your applications.
"""
if isinstance(obj, str):
return self.escape_string(obj) # by default, it is :return "'" + self.escape_string(obj) + "'"
if isinstance(obj, (bytes, bytearray)):
ret = self._quote_bytes(obj)
if self._binary_prefix:
ret = "_binary" + ret
return ret
return converters.escape_item(obj, self.charset, mapping=mapping)
config = {'host':'', 'user':'', ...}
conn = MyConnect(**config)
cur = conn.cursor()
我是运行这个码
def details(self, dbsettings, payload):
res = None
with UseDatabase(dbsettings) as db:
sql = "select * from %(tablename)s where userid = %(userid)s"
result = db.run_query_vals(sql, payload)
res = result.fetchall()
return res
但出现错误
SQLError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''statuser' where userid = '14'' at line 1
传递的参数是:
sql = "select * from %(tablename)s where userid = %(userid)s"
payload = {'tablename' : 'statuser', 'userid' : 14}
据我所知,传递给 MySQL 的查询是按照
select * from 'statuser' where userid = '14'
这是我得到错误的地方; table 名称不应包含在引号中。如何在没有 quotes/make 反引号的情况下包含名称?
(我不想硬编码 table 名称 - 这是一个变量,在 class 创建期间根据不同的参数进行初始化)。有什么帮助吗?
您可以使用 python 中的字符串中的 .format():
def details(self, dbsettings, payload):
res = None
with UseDatabase(dbsettings) as db:
sql = "select * from {tablename} where userid = {userid}"
sql = sql.format(**payload)
# result = db.run_query_vals(sql, payload) # Method to run query
res = result.fetchall()
return res
我在pymysql中遇到了同样的问题,找到了解决方案:
重写class'pymysql.connections.Connection'中的转义方法,明显是在你的字符串周围添加了“'”。
不知道对你的情况是否有帮助,只是分享一个可行的方法
类似问题:
这是我的代码:
from pymysql.connections import Connection, converters
class MyConnect(Connection):
def escape(self, obj, mapping=None):
"""Escape whatever value you pass to it.
Non-standard, for internal use; do not use this in your applications.
"""
if isinstance(obj, str):
return self.escape_string(obj) # by default, it is :return "'" + self.escape_string(obj) + "'"
if isinstance(obj, (bytes, bytearray)):
ret = self._quote_bytes(obj)
if self._binary_prefix:
ret = "_binary" + ret
return ret
return converters.escape_item(obj, self.charset, mapping=mapping)
config = {'host':'', 'user':'', ...}
conn = MyConnect(**config)
cur = conn.cursor()