SQL syntax error:1064, how to fix it?
I wrote a UDP server in Python (Twisted) that receives UDP messages and updates a MySQL database:
    sql = "update `device` set `msg`='%s', `d_addr`='%s', `d_port`=%d where `did`=%d" % (msg, host, port, r[0])
    try:
        txn.execute(sql)
    except Exception as e:
        f = open('./err_log', 'a')
        f.write('%s\n' % e)
        f.write('%s\n' % sql)
        f.close()
The error message in err_log is:
(1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '220.168.13.132', `d_port`=14058 where `did`=2' at line 1")
update `device` set `msg`='.?F/.ddd?', `d_addr`='220.168.13.132', `d_port`=14058 where `did`=2
So I executed the SQL manually, but it did not report an error:
MariaDB [kj]> update `device` set `msg`='.?F/.ddd?',
`d_addr`='220.168.13.132', `d_port`=14058 where `did`=2;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
The msg sent by the remote client is a string (18 bytes); the ASCII codes of the string are:
0x86 0xAC 0xCF 0x23 0x29 ... 0xE3
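Parameterize the query and forget about the SQL syntax errors related to inserting variables into the query. As a bonus, you make your code safe against SQL injection attacks: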
    sql = """
        UPDATE
            device
        SET
            msg = %s,
            d_addr = %s,
            d_port = %s
        where
            did = %s"""
    txn.execute(sql, (msg, host, port, r[0]))
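The difference between the two patterns above, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite table as a stand-in for the MariaDB `device` table (so placeholders are `?` rather than the `%s` used by the MySQL driver), and the payload is constructed, not the poster's actual 18 bytes.

```python
import sqlite3

# Constructed 7-byte payload (not the poster's data): binary bytes plus a quote (0x27).
PAYLOAD = b"\x86\xac\xcf#)'\xe3"

def make_db():
    """In-memory SQLite stand-in (assumption) for the MariaDB `device` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE device (did INTEGER PRIMARY KEY, msg BLOB, "
               "d_addr TEXT, d_port INTEGER)")
    db.execute("INSERT INTO device (did) VALUES (2)")
    return db

def update_interpolated(db, msg, host, port, did):
    """The question's pattern: values are pasted into the SQL text itself."""
    sql = ("update device set msg='%s', d_addr='%s', d_port=%d where did=%d"
           % (msg.decode("latin-1"), host, port, did))
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as e:
        # A quote byte inside msg ends the string literal early, so the
        # rest of the payload is parsed as SQL and the statement is rejected.
        return "error: %s" % e

def update_parameterized(db, msg, host, port, did):
    """The answer's pattern: the SQL text is constant, values travel separately."""
    db.execute("UPDATE device SET msg = ?, d_addr = ?, d_port = ? WHERE did = ?",
               (msg, host, port, did))
    return db.execute("SELECT msg, d_addr, d_port FROM device WHERE did = ?",
                      (did,)).fetchone()

if __name__ == "__main__":
    db = make_db()
    print(update_interpolated(db, b"hello", "220.168.13.132", 14058, 2))
    print(update_interpolated(db, PAYLOAD, "220.168.13.132", 14058, 2))
    print(update_parameterized(db, PAYLOAD, "220.168.13.132", 14058, 2))
```
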