PymySQL 插入和更新分离请求到参数值
PymySQL insert and update separing request to param values
我将我的请求与值分开以获得更高的安全性,将 pymysql 用于 python 2.7。
我有动态参数,所以我正在使用 .join() 来构建我的请求。
我是这样做的:
def updateItem(self, table, body, where):
print 'updateItem'
if body is not None:
if body["data"]:
key_list = []
for key, data in zip(body['keys'], body['data']):
placeholder = '{} = '.format(key) + '%s'
key_list.extend([placeholder])
val_list = ", ".join(key_list)
req = """UPDATE """ +table+ """ SET {values} WHERE {where_key}={where_value};""".format(table=table, values=val_list, where_key=where[0], where_value=where[1])
print req
params = '"' + '", "'.join(body['data']) + '"'
print params
return self.update(req, (params))
并且:
def update(self, request, params):
print request
try:
affected_rows = self.cursor.execute(request, params)
self.connexion.commit()
logger.info("Affected rows: " + str(affected_rows))
return affected_rows
except Exception as e:
raise e
第一个打印给我:
UPDATE organizations SET uuid = %s, permaname = %s, name = %s,
short_description = %s, description = %s, website = %s, is_startup =
%s, is_corporate = %s, logo = %s, headcount_min = %s, headcount_max =
%s, is_closed = %s, number_of_investments = %s WHERE
uuid=3325e470-542a-44cd-b094-3fcfd55bb32c;
第二个是:
"c7ba44f9-xxx-4a7b-89b0-xxxxx", "xxx-2",
"xxxxxxx", "xxxxxxx is your higher xxxxxx advisor, guiding
you to the xxxright course and xxxxx and the No. 1 xxxxx site
in xxxxx.", "xxxxx is your higher xxxx advisor, guiding
you to the xxxx xxxx and xxx and the Noxxxxxxx xxx site
in xxxxx.", "http://xxxxxxxxx.my/", "0", "1",
"http://xxx.xxxxx.xx/t_api_images/xxxxx/rgyzkulb0mslq9qbvien.jpg",
"51", "100", "0", "0"
我收到此错误消息:
not enough arguments for format string: TypeError Traceback (most
recent call last): File "/var/task/setter_organizations.py", line 38,
in handler structured_data.insert() File
"/var/task/setter_organizations.py", line 109, in insert
self.update(["uuid", uuid]) File "/var/task/setter_organizations.py",
line 112, in update self.rds.updateItem(self.type, self.data, where)
File "/var/task/RDS/rds.py", line 87, in updateItem return
self.update(req, (params)) File "/var/task/RDS/rds.py", line 51, in
update raise e TypeError: not enough arguments for format string
有 13 个键和 13 个值。
我无法弄清楚我的代码有什么问题,有人可以帮助我吗?
我也不知道如果我的字段中有 " 或 ' 之类的引号,那么任何答案都很好。
请查看我在此处给出的类似问题的答案:
对于 13 个参数,您可以将其修改为如下所示:
cur.execute('UPDATE table_name SET arg1=%s, num=1 where arg2=%s and arg3=%s and ...upto 13 args',(val1, val2,val3,...upto 13 values))
编辑:(1 个 where 子句的 13 个值更新)
cur.execute('UPDATE table_name SET arg1=%s, arg2=%s, arg3=%s, ...upto 13 args where where_column=val',(val1, val2,val3,...upto 13 values))
我将我的请求与值分开以获得更高的安全性,将 pymysql 用于 python 2.7。
我有动态参数,所以我正在使用 .join() 来构建我的请求。
我是这样做的:
def updateItem(self, table, body, where):
print 'updateItem'
if body is not None:
if body["data"]:
key_list = []
for key, data in zip(body['keys'], body['data']):
placeholder = '{} = '.format(key) + '%s'
key_list.extend([placeholder])
val_list = ", ".join(key_list)
req = """UPDATE """ +table+ """ SET {values} WHERE {where_key}={where_value};""".format(table=table, values=val_list, where_key=where[0], where_value=where[1])
print req
params = '"' + '", "'.join(body['data']) + '"'
print params
return self.update(req, (params))
并且:
def update(self, request, params):
print request
try:
affected_rows = self.cursor.execute(request, params)
self.connexion.commit()
logger.info("Affected rows: " + str(affected_rows))
return affected_rows
except Exception as e:
raise e
第一个打印给我:
UPDATE organizations SET uuid = %s, permaname = %s, name = %s, short_description = %s, description = %s, website = %s, is_startup = %s, is_corporate = %s, logo = %s, headcount_min = %s, headcount_max = %s, is_closed = %s, number_of_investments = %s WHERE uuid=3325e470-542a-44cd-b094-3fcfd55bb32c;
第二个是:
"c7ba44f9-xxx-4a7b-89b0-xxxxx", "xxx-2", "xxxxxxx", "xxxxxxx is your higher xxxxxx advisor, guiding you to the xxxright course and xxxxx and the No. 1 xxxxx site in xxxxx.", "xxxxx is your higher xxxx advisor, guiding you to the xxxx xxxx and xxx and the Noxxxxxxx xxx site in xxxxx.", "http://xxxxxxxxx.my/", "0", "1", "http://xxx.xxxxx.xx/t_api_images/xxxxx/rgyzkulb0mslq9qbvien.jpg", "51", "100", "0", "0"
我收到此错误消息:
not enough arguments for format string: TypeError Traceback (most recent call last): File "/var/task/setter_organizations.py", line 38, in handler structured_data.insert() File "/var/task/setter_organizations.py", line 109, in insert self.update(["uuid", uuid]) File "/var/task/setter_organizations.py", line 112, in update self.rds.updateItem(self.type, self.data, where) File "/var/task/RDS/rds.py", line 87, in updateItem return self.update(req, (params)) File "/var/task/RDS/rds.py", line 51, in update raise e TypeError: not enough arguments for format string
有 13 个键和 13 个值。 我无法弄清楚我的代码有什么问题,有人可以帮助我吗?
我也不知道如果我的字段中有 " 或 ' 之类的引号,那么任何答案都很好。
请查看我在此处给出的类似问题的答案:
对于 13 个参数,您可以将其修改为如下所示:
cur.execute('UPDATE table_name SET arg1=%s, num=1 where arg2=%s and arg3=%s and ...upto 13 args',(val1, val2,val3,...upto 13 values))
编辑:(1 个 where 子句的 13 个值更新)
cur.execute('UPDATE table_name SET arg1=%s, arg2=%s, arg3=%s, ...upto 13 args where where_column=val',(val1, val2,val3,...upto 13 values))