Can't get python tuple as input in WHERE IN SQL clause?
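Python code:
The query is an UPDATE query, and the error just says there is a problem with the tuple, which is passed as the parameter to the IN clause.
pyList is a Python list, DBOBJ is the connection object.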
pyTuple = tuple(pyList)
print(pyTuple)
pyTupleSQLFormat = DBOBJ.string_literal(pyTuple)
print(pyTupleSQLFormat)
query = "UPDATE seats SET isReserved = 1 WHERE screen_name='{}' AND seat_number IN %s".format(screenname)
args = (pyTupleSQLFormat,)
CurOBJ.execute(query,args)
Console output:
('B1', 'B2', 'A6', 'A7')
b"'(\'B1\', \'B2\', \'A6\', \'A7\')'"
(1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\'(\\\'B1\\\', \\\'B2\\\', \\\'A6\\\', \\\'A7\\\')\''' at line 1")
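string_literal(...) appears to be preparing the object for insertion into a char/text field, not stringifying it in a way that could be appended to a query.
You can pass the tuple contents as additional parameters to your query by dynamically building parameter placeholders. This has the added advantage of using parameterization to avoid SQL injection and related problems.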
screen_name = "example"
seat_numbers = [1, 2, 3, 4]
args = tuple([screen_name] + seat_numbers)
query = """
UPDATE
seats
SET
isReserved = 1
WHERE
screen_name=%s AND
seat_number IN ({placeholders})
""".format(
placeholders=",".join(["%s"] * len(seat_numbers)),
)
print(query)
print(args)
cursor.execute(query, args)
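The placeholder-building approach from the answer above, wrapped in a function and run end to end. This is an added example, not code from the original post. It uses the standard-library sqlite3 driver (placeholder `?`) in place of the MySQL driver (placeholder `%s`) so that it runs offline; the function name `reserve_seats`, the table layout and the sample rows are assumptions made for illustration.

```python
import sqlite3

def reserve_seats(conn, screen_name, seat_numbers, placeholder="?"):
    """Mark the given seats reserved; return the number of rows updated."""
    seats = list(seat_numbers)
    if not seats:
        # "IN ()" is a syntax error in MySQL and SQLite, so skip the query.
        return 0
    # Only placeholder tokens are formatted into the SQL text; every value,
    # including screen_name, is passed separately as a bound parameter.
    marks = ",".join([placeholder] * len(seats))
    query = (
        "UPDATE seats SET isReserved = 1 "
        "WHERE screen_name = {p} AND seat_number IN ({marks})"
    ).format(p=placeholder, marks=marks)
    cur = conn.cursor()
    cur.execute(query, [screen_name, *seats])
    conn.commit()
    return cur.rowcount

def demo():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE seats (screen_name TEXT, seat_number TEXT, "
        "isReserved INTEGER DEFAULT 0)"
    )
    rows = [("screen1", s) for s in ("A6", "A7", "B1", "B2", "C1")]
    rows.append(("screen2", "B1"))
    conn.executemany(
        "INSERT INTO seats (screen_name, seat_number) VALUES (?, ?)", rows
    )
    results = {
        "normal": reserve_seats(conn, "screen1", ("B1", "B2", "A6", "A7")),
        "empty": reserve_seats(conn, "screen1", []),
        # Constructed value with quote characters: bound as data, it is
        # compared as one literal string and matches no seat.
        "quoted": reserve_seats(conn, "screen1", ["C1') OR ('1'='1"]),
    }
    results["reserved_total"] = conn.execute(
        "SELECT COUNT(*) FROM seats WHERE isReserved = 1"
    ).fetchone()[0]
    conn.close()
    return results

if __name__ == "__main__":
    print(demo())
```

With a MySQL driver whose paramstyle is `format`, pass `placeholder="%s"`; the query text then matches the one built in the answer.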