来自django queryset 的sql 字符串不能在pymysql 中执行?
The sql string from queryset of django cannot be executed in pymysql?
我正在使用 Django 进行一些参数过滤,然后我得到了如下过滤的查询集:
sql_str = str(my_queryset.query)
# print(sql_str)
SELECT `market_accounts`.`agency`, `market_accounts`.`id`, `market_accounts`.`entity`, `market_accounts`.`related_entity`
, `market_accounts`.`type`, `market_accounts`.`our_side_entity`, `market_accounts`.`short_title`, `market_accounts`.`titl
e`, `market_accounts`.`settlement_type`, `market_accounts`.`ae`, `market_accounts`.`sale`, `market_accounts`.`medium`, `m
arket_accounts`.`is_pc`, `market_accounts`.`is_new_customer` FROM `market_accounts` WHERE (`market_accounts`.`entity` LIK
E %madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `market_accounts`.`short_title` LIKE %madbaby% OR
`market_accounts`.`title` LIKE %madbaby%) ORDER BY `market_accounts`.`id` DESC
出于某种原因,我想通过 pymysql 执行上面的 sql,但错误显示如下:
# cursor.execute(sql_str)
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MyS
QL server version for the right syntax to use near '%madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `
market_acco' at line 1")
Get Data Error!
为什么django生成的sql字符串不能被pymysql执行?
我上面的sql是我直接从str(queryset.query)那里得到的。它错过了 ' ' 这让我很困惑。
LIKE 模式应该用引号引起来
LIKE '%madbaby'
在您给出的查询中
SELECT `market_accounts`.`agency`, `market_accounts`.`id`, `market_accounts`.`entity`, `market_accounts`.`related_entity`
, `market_accounts`.`type`, `market_accounts`.`our_side_entity`, `market_accounts`.`short_title`, `market_accounts`.`titl
e`, `market_accounts`.`settlement_type`, `market_accounts`.`ae`, `market_accounts`.`sale`, `market_accounts`.`medium`, `m
arket_accounts`.`is_pc`, `market_accounts`.`is_new_customer` FROM `market_accounts` WHERE (`market_accounts`.`entity` LIK
E %madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `market_accounts`.`short_title` LIKE %madbaby% OR
`market_accounts`.`title` LIKE %madbaby%) ORDER BY `market_accounts`.`id` DESC
你显然错过了所有 LIKE 模式的引号
本来应该是这样的
SELECT `market_accounts`.`agency`, `market_accounts`.`id`, `market_accounts`.`entity`, `market_accounts`.`related_entity`
, `market_accounts`.`type`, `market_accounts`.`our_side_entity`, `market_accounts`.`short_title`, `market_accounts`.`titl
e`, `market_accounts`.`settlement_type`, `market_accounts`.`ae`, `market_accounts`.`sale`, `market_accounts`.`medium`, `m
arket_accounts`.`is_pc`, `market_accounts`.`is_new_customer` FROM `market_accounts` WHERE (`market_accounts`.`entity` LIK
E '%madbaby%' OR `market_accounts`.`related_entity` LIKE '%madbaby%' OR `market_accounts`.`short_title` LIKE '%madbaby%' OR
`market_accounts`.`title` LIKE '%madbaby%') ORDER BY `market_accounts`.`id` DESC
错误说之前发生了一些错误
%madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `
market_acco
这是由于模式缺少引号造成的。
Django 在 str(qs.query) 中生成不带引号的字符串,因此您不应该将它们提供给数据库。这些是为了调试目的,虽然我同意它们没有被正确引用有点草率,它在源代码中提到:
# django.db.models.sql.query.Query
def __str__(self):
"""
Return the query as a string of SQL with the parameter values
substituted in (use sql_with_params() to see the unsubstituted string).
Parameter values won't necessarily be quoted correctly, since that is
done by the database interface at execution time.
"""
sql, params = self.sql_with_params()
return sql % params
我正在使用 Django 进行一些参数过滤,然后我得到了如下过滤的查询集:
sql_str = str(my_queryset.query)
# print(sql_str)
SELECT `market_accounts`.`agency`, `market_accounts`.`id`, `market_accounts`.`entity`, `market_accounts`.`related_entity`
, `market_accounts`.`type`, `market_accounts`.`our_side_entity`, `market_accounts`.`short_title`, `market_accounts`.`titl
e`, `market_accounts`.`settlement_type`, `market_accounts`.`ae`, `market_accounts`.`sale`, `market_accounts`.`medium`, `m
arket_accounts`.`is_pc`, `market_accounts`.`is_new_customer` FROM `market_accounts` WHERE (`market_accounts`.`entity` LIK
E %madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `market_accounts`.`short_title` LIKE %madbaby% OR
`market_accounts`.`title` LIKE %madbaby%) ORDER BY `market_accounts`.`id` DESC
出于某种原因,我想通过 pymysql 执行上面的 sql,但错误显示如下:
# cursor.execute(sql_str)
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MyS
QL server version for the right syntax to use near '%madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `
market_acco' at line 1")
Get Data Error!
为什么django生成的sql字符串不能被pymysql执行?
我上面的sql是我直接从str(queryset.query)那里得到的。它错过了 ' ' 这让我很困惑。
LIKE 模式应该用引号引起来
LIKE '%madbaby'
在您给出的查询中
SELECT `market_accounts`.`agency`, `market_accounts`.`id`, `market_accounts`.`entity`, `market_accounts`.`related_entity`
, `market_accounts`.`type`, `market_accounts`.`our_side_entity`, `market_accounts`.`short_title`, `market_accounts`.`titl
e`, `market_accounts`.`settlement_type`, `market_accounts`.`ae`, `market_accounts`.`sale`, `market_accounts`.`medium`, `m
arket_accounts`.`is_pc`, `market_accounts`.`is_new_customer` FROM `market_accounts` WHERE (`market_accounts`.`entity` LIK
E %madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `market_accounts`.`short_title` LIKE %madbaby% OR
`market_accounts`.`title` LIKE %madbaby%) ORDER BY `market_accounts`.`id` DESC
你显然错过了所有 LIKE 模式的引号
本来应该是这样的
SELECT `market_accounts`.`agency`, `market_accounts`.`id`, `market_accounts`.`entity`, `market_accounts`.`related_entity`
, `market_accounts`.`type`, `market_accounts`.`our_side_entity`, `market_accounts`.`short_title`, `market_accounts`.`titl
e`, `market_accounts`.`settlement_type`, `market_accounts`.`ae`, `market_accounts`.`sale`, `market_accounts`.`medium`, `m
arket_accounts`.`is_pc`, `market_accounts`.`is_new_customer` FROM `market_accounts` WHERE (`market_accounts`.`entity` LIK
E '%madbaby%' OR `market_accounts`.`related_entity` LIKE '%madbaby%' OR `market_accounts`.`short_title` LIKE '%madbaby%' OR
`market_accounts`.`title` LIKE '%madbaby%') ORDER BY `market_accounts`.`id` DESC
错误说之前发生了一些错误
%madbaby% OR `market_accounts`.`related_entity` LIKE %madbaby% OR `
market_acco
这是由于模式缺少引号造成的。
Django 在 str(qs.query) 中生成不带引号的字符串,因此您不应该将它们提供给数据库。这些是为了调试目的,虽然我同意它们没有被正确引用有点草率,它在源代码中提到:
# django.db.models.sql.query.Query
def __str__(self):
"""
Return the query as a string of SQL with the parameter values
substituted in (use sql_with_params() to see the unsubstituted string).
Parameter values won't necessarily be quoted correctly, since that is
done by the database interface at execution time.
"""
sql, params = self.sql_with_params()
return sql % params