将变量传递给 SQL 查询 Python 时出错
Error Passing Variable to SQL Query Python
尝试使用 cx_Oracle 将 Python 字符串变量传递给 SQL 查询时返回错误消息 'Execution failed on sql ... expecting string, unicode or buffer object'。非常感谢有关此问题的任何帮助,谢谢!
import pandas as pd
import cx_Oracle as ora
var = 'string'
conn = ora.connect('connection_string')
df = pd.read_sql(("SELECT * FROM table WHERE field LIKE '%s'", (var)), conn)
df.head()
pd.read_sql("SELECT * FROM table WHERE field LIKE '{}'".format(var), conn)
这应该可以做到。您试图将元组传递给函数而不是 string/unicode 对象。
为了避免 SQL 注入攻击的机会,您应该在 params 关键字参数中传递变量:
df = pdsql.read_sql("""SELECT *
FROM table
WHERE field LIKE %(var)s""", conn, params={'var':'string%',})
尝试使用 cx_Oracle 将 Python 字符串变量传递给 SQL 查询时返回错误消息 'Execution failed on sql ... expecting string, unicode or buffer object'。非常感谢有关此问题的任何帮助,谢谢!
import pandas as pd
import cx_Oracle as ora
var = 'string'
conn = ora.connect('connection_string')
df = pd.read_sql(("SELECT * FROM table WHERE field LIKE '%s'", (var)), conn)
df.head()
pd.read_sql("SELECT * FROM table WHERE field LIKE '{}'".format(var), conn)
这应该可以做到。您试图将元组传递给函数而不是 string/unicode 对象。
为了避免 SQL 注入攻击的机会,您应该在 params 关键字参数中传递变量:
df = pdsql.read_sql("""SELECT *
FROM table
WHERE field LIKE %(var)s""", conn, params={'var':'string%',})