cx_oracle 从 CSV 读取
cx_oracle reading from CSV
我有一个 cx_oracle 连接,我正在寻找 运行 一个 'batch' 尝试从 CSV 文件中的姓氏收集 ID。下面是我的代码,其中出现 cx_Oracle.DatabaseError: ORA-01756: quoted string not properly terminated 错误。
它指向行
and spriden_change_ind is null'''.format(lname,fname)
但是我知道这是有效的,因为您会看到我的注释代码以这种方式使用格式并且它工作得很好。 rows_to_dict_list 是我前段时间在这里找到的一个很好的函数,基本上可以将列名添加到输出中。
任何方向都很好!谢谢
import csv, cx_Oracle
def rows_to_dict_list(cursor):
columns = [i[0] for i in cursor.description]
new_list = []
for row in cursor:
row_dict = dict()
for col in columns:
row_dict[col] = row[columns.index(col)]
new_list.append(row_dict)
return new_list
connection = cx_Oracle.connect('USERNAME','PASSWORD','HOSTNAME:PORTNUMBER/SERVICEID')
cur = connection.cursor()
printHeader = True
with open('nopnumber_names.csv')as csvfile:
reader = csv.DictReader(csvfile)
for row in reader:
lname = row['Last']
fname = row['First']
cur.execute('''select spriden_pidm as PIDM,
spriden_last_name as Last,
spriden_first_name as First,
spriden_mi as Middle,
spriden_ID as ID
from spriden
where upper(spriden_last_name) = '{0}'
and upper(spriden_first_name) = '{1}'
and spriden_change_ind is null'''.format(lname,fname)
)
# THIS RECORD RUNS FINE
# cur.execute('''select spriden_pidm as PIDM,
# spriden_ID as ID,
# spriden_last_name as Last,
# spriden_first_name as First
# from spriden
# where spriden_pidm = '{}'
# and spriden_change_ind is null'''.format(99999)
# )
data = rows_to_dict_list(cur)
for row in data:
print row
cur.close()
connection.close()
我最好的猜测是 CSV 文件中某处的名字或姓氏中有一个 '
字符。
您确实不应该通过连接字符串或使用字符串格式来构建 SQL。如果您这样做,您将面临 SQL injection 的风险。如果有人在您的 CSV 文件中添加了姓氏 X' OR 1=1 --
的记录会怎样?
相反,使用绑定参数将变量值发送到数据库。尝试以下操作:
cur.execute('''select spriden_pidm as PIDM,
spriden_last_name as Last,
spriden_first_name as First,
spriden_mi as Middle,
spriden_ID as ID
from spriden
where upper(spriden_last_name) = :lname
and upper(spriden_first_name) = :fname
and spriden_change_ind is null''',
{"lname": lname, "fname": fname}
)
我有一个 cx_oracle 连接,我正在寻找 运行 一个 'batch' 尝试从 CSV 文件中的姓氏收集 ID。下面是我的代码,其中出现 cx_Oracle.DatabaseError: ORA-01756: quoted string not properly terminated 错误。
它指向行
and spriden_change_ind is null'''.format(lname,fname)
但是我知道这是有效的,因为您会看到我的注释代码以这种方式使用格式并且它工作得很好。 rows_to_dict_list 是我前段时间在这里找到的一个很好的函数,基本上可以将列名添加到输出中。
任何方向都很好!谢谢
import csv, cx_Oracle
def rows_to_dict_list(cursor):
columns = [i[0] for i in cursor.description]
new_list = []
for row in cursor:
row_dict = dict()
for col in columns:
row_dict[col] = row[columns.index(col)]
new_list.append(row_dict)
return new_list
connection = cx_Oracle.connect('USERNAME','PASSWORD','HOSTNAME:PORTNUMBER/SERVICEID')
cur = connection.cursor()
printHeader = True
with open('nopnumber_names.csv')as csvfile:
reader = csv.DictReader(csvfile)
for row in reader:
lname = row['Last']
fname = row['First']
cur.execute('''select spriden_pidm as PIDM,
spriden_last_name as Last,
spriden_first_name as First,
spriden_mi as Middle,
spriden_ID as ID
from spriden
where upper(spriden_last_name) = '{0}'
and upper(spriden_first_name) = '{1}'
and spriden_change_ind is null'''.format(lname,fname)
)
# THIS RECORD RUNS FINE
# cur.execute('''select spriden_pidm as PIDM,
# spriden_ID as ID,
# spriden_last_name as Last,
# spriden_first_name as First
# from spriden
# where spriden_pidm = '{}'
# and spriden_change_ind is null'''.format(99999)
# )
data = rows_to_dict_list(cur)
for row in data:
print row
cur.close()
connection.close()
我最好的猜测是 CSV 文件中某处的名字或姓氏中有一个 '
字符。
您确实不应该通过连接字符串或使用字符串格式来构建 SQL。如果您这样做,您将面临 SQL injection 的风险。如果有人在您的 CSV 文件中添加了姓氏 X' OR 1=1 --
的记录会怎样?
相反,使用绑定参数将变量值发送到数据库。尝试以下操作:
cur.execute('''select spriden_pidm as PIDM,
spriden_last_name as Last,
spriden_first_name as First,
spriden_mi as Middle,
spriden_ID as ID
from spriden
where upper(spriden_last_name) = :lname
and upper(spriden_first_name) = :fname
and spriden_change_ind is null''',
{"lname": lname, "fname": fname}
)