当参数有时可以为 NULL 时,如何参数化 SQL 查询?
How to parameterize SQL query when the parameter can sometimes be NULL?
使用 pyodbc 我可以像这样参数化查询;
value = "testval"
query = \
"""
SELECT *
FROM TestTable
WHERE Column = ?;
"""
cursor.execute(query, value)
但问题是如果 value 是 None,查询应该是这样的;
value = None
query = \
"""
SELECT *
FROM TestTable
WHERE Column IS NULL;
"""
cursor.execute(query)
那么当 value 可以是 None 或字符串时,查询应该是什么样子;
value = get_value() # can return a string or None
query = \
"""
SELECT *
FROM TestTable
WHERE Column ???????????
"""
cursor.execute(query, value)
解决方案是使用ISO/ANSI标准NULL-安全比较:
WHERE Column IS NOT DISTINCT FROM ?
不是所有的数据库都支持这个,所以你也可以使用:
WHERE Column = ? OR (Column IS NULL AND ? IS NULL)
如果你不愿意两次传递参数,你可以将它包含在FROM子句中:
. . .
FROM . . . CROSS JOIN
(SELECT ? as compColumn) params
WHERE (Column = params.compColumn0 or (Column IS NULL and params.compColumn IS NULL)
使用 pyodbc 我可以像这样参数化查询;
value = "testval"
query = \
"""
SELECT *
FROM TestTable
WHERE Column = ?;
"""
cursor.execute(query, value)
但问题是如果 value 是 None,查询应该是这样的;
value = None
query = \
"""
SELECT *
FROM TestTable
WHERE Column IS NULL;
"""
cursor.execute(query)
那么当 value 可以是 None 或字符串时,查询应该是什么样子;
value = get_value() # can return a string or None
query = \
"""
SELECT *
FROM TestTable
WHERE Column ???????????
"""
cursor.execute(query, value)
解决方案是使用ISO/ANSI标准NULL-安全比较:
WHERE Column IS NOT DISTINCT FROM ?
不是所有的数据库都支持这个,所以你也可以使用:
WHERE Column = ? OR (Column IS NULL AND ? IS NULL)
如果你不愿意两次传递参数,你可以将它包含在FROM子句中:
. . .
FROM . . . CROSS JOIN
(SELECT ? as compColumn) params
WHERE (Column = params.compColumn0 or (Column IS NULL and params.compColumn IS NULL)