使用 python 在 mysql 中插入字符串:未知列

Inserting string in mysql using python: unknown column

首先我是初学者,在此先感谢大家的帮助:)

当我插入一个字符串时,它给我一个双错误或单错误 quotes.This 仅当我调用我创建的函数 insert() 时才会发生。但是当我只是用数字代替那些没有引号的字符串时,它正在工作。

import mysql.connector

conn = mysql.connector.connect(user="root",password='password',
       host='localhost',database='library',port='3306')
cur = conn.cursor()


def create_table():
    cur.execute("CREATE TABLE IF NOT EXISTS store 
               (id INT PRIMARY KEY, item VARCHAR(25), quantity INT, price REAL);")
    conn.commit()
    conn.close()


def insert(id, item, quantity, price):
    cur.execute("INSERT INTO store (id, quantity, price, item) 
                VALUES (%s, %s, %s, %s)" % (id, item, quantity, price))
    conn.commit()
    conn.close()



insert(50, 'test', 20, 10)

然后报错:

Traceback (most recent call last):
      File "C:\Program Files\Python36\lib\site- 
packages\mysql\connector\connection_cext.py", line 392, in cmd_query
        raw_as_string=raw_as_string)
    _mysql_connector.MySQLInterfaceError: Unknown column 'test' in 'field list'

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "C:\Users\Acer\Desktop\Remastered.py", line 128, in <module>
        insert(50, 'test', 20, 10)
      File "C:\Users\Acer\Desktop\Remastered.py", line 109, in insert
        cur.execute("INSERT INTO store (id, quantity, price, item) VALUES (%s, %s, %s, %s)" % (id, item, quantity, price))
      File "C:\Program Files\Python36\lib\site-packages\mysql\connector\cursor_cext.py", line 266, in execute
        raw_as_string=self._raw_as_string)
      File "C:\Program Files\Python36\lib\site-packages\mysql\connector\connection_cext.py", line 395, in cmd_query
        sqlstate=exc.sqlstate)
    mysql.connector.errors.ProgrammingError: 1054 (42S22): Unknown column 'test' in 'field list'
    [Finished in 0.8s with exit code 1]

您没有正确使用占位符功能。正确的行是:

cur.execute("INSERT INTO store (id, quantity, price, item) 
            VALUES (%s, %s, %s, %s)", (id, item, quantity, price))

注意 ,NOT % 这会造成严重的 SQL injection bugs.

您的查询正在扩展为类似以下内容:

INSERT INTO store (...) VALUES (1, test, 1, 1.0);

其中 test 部分根本没有被引用,而是被视为可能的列名。

您在插入语句中混淆了列的顺序,将 "INSERT INTO store (id, quantity, price, item)" 更改为 "INSERT INTO store (id, item, quantity, price)",注意名为 item 的列在哪里! 导入 mysql.connector

def create_table():
  cur.execute("CREATE TABLE IF NOT EXISTS store " \
           "(id INT PRIMARY KEY, item VARCHAR(25), quantity INT, price REAL);")
  conn.commit()
  return

def insert(id, item, quantity, price):
  cur.execute("INSERT INTO store (id, item, quantity, price)" \
            "VALUES (%s, '%s', %s, %s)" % (id, item, quantity, price))
  conn.commit()
  return

#
conn = mysql.connector.connect(user="root",
   host='localhost',database='DO',port='3306')
cur = conn.cursor()

create_table
insert(50, 'test', 20, 10)
insert(51, 'test', 20, 10)
insert(52, 'test', 20, 10)
conn.close()

来自 MySQL

mysql> select * from store;
+----+------+----------+-------+
| id | item | quantity | price |
+----+------+----------+-------+
| 50 | test |       20 |    10 |
| 51 | test |       20 |    10 |
| 52 | test |       20 |    10 |
+----+------+----------+-------+
3 rows in set (0.00 sec)

mysql>  INSERT INTO store (id, item, quantity, price) VALUES (53, 'test', 20, 10);
Query OK, 1 row affected (0.00 sec)

mysql> select * from store;
+----+------+----------+-------+
| id | item | quantity | price |
+----+------+----------+-------+
| 50 | test |       20 |    10 |
| 51 | test |       20 |    10 |
| 52 | test |       20 |    10 |
| 53 | test |       20 |    10 |
+----+------+----------+-------+
4 rows in set (0.00 sec)