在 Python 中的 SQL 语句中传递列名?
Passing a column name in an SQL statement in Python?
这是我写的代码
def edititem():
edit_code = int(input("Enter the product code of the item you would like to edit:"))
edit_cat = input("Enter the category of the item you would like to edit:")
edit_val = int(input("Enter the new value"))
edit = """UPDATE products SET %s = %s where prod_code = %s"""
cur.execute(edit,(edit_cat,edit_val,edit_code,))
connector.commit()
这是我遇到的错误:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' prod_code' = 1 where prod_code = 1231' at line 1
我还没弄清楚到底是什么错误,如果能提前help.Thanks就好了。
如@S3DEV 所述,您不能使用 SQL 参数来插入列名。您必须对这些部分使用经典的字符串格式。
例如,下面是一个使用字符串格式的列
cursor.execute("SELECT * FROM PacketManager WHERE {} = ?".format(filters[0]), (parameters[0],))
另请注意验证允许的列名称的重要性,以确保不会发生注入。
您还应该从此处查看示例 -
这是我写的代码
def edititem():
edit_code = int(input("Enter the product code of the item you would like to edit:"))
edit_cat = input("Enter the category of the item you would like to edit:")
edit_val = int(input("Enter the new value"))
edit = """UPDATE products SET %s = %s where prod_code = %s"""
cur.execute(edit,(edit_cat,edit_val,edit_code,))
connector.commit()
这是我遇到的错误:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' prod_code' = 1 where prod_code = 1231' at line 1
我还没弄清楚到底是什么错误,如果能提前help.Thanks就好了。
如@S3DEV 所述,您不能使用 SQL 参数来插入列名。您必须对这些部分使用经典的字符串格式。
例如,下面是一个使用字符串格式的列
cursor.execute("SELECT * FROM PacketManager WHERE {} = ?".format(filters[0]), (parameters[0],))
另请注意验证允许的列名称的重要性,以确保不会发生注入。
您还应该从此处查看示例 -