Python3:如何为 cx_oracle 连续的插入语句流转义特殊字符(ORA-01756:引号字符串未正确终止)
Python3 : How to escape special characters for cx_oracle continuous stream of insert statement (ORA-01756: quoted string not properly terminated)
我正在使用 python 代码来读取 CSV 文件以及它在 Oracle 数据库中插入的每一行。
是否有办法克服所有用例的“ORA-01756:引号字符串未正确终止”错误。
我想转义的特殊字符是单引号 (')、双引号 (")、逗号 (,) 和其他可能导致错误的字符。
其实我的逻辑如下:
with open(files, newline='', encoding='utf-8') as csvfile:
rowreader = csv.reader(csvfile, delimiter=';', quotechar='|')
next(rowreader)
for row in rowreader:
values = parseCSV.input(row)
query = "INSERT INTO MYTABLE(col1,col2) values('{val1}','{val2}')".format(**values)
cursor.execute(query)
如果要插入字符串 - 'my's name'
,则以上内容无效
是 -- 使用 parameters/binds.
通过 cx_oracle manual on using binds:
# assuming `values` is a dict with `val1` and `val2`:
cursor.execute("INSERT INTO MYTABLE (col1, col2) values(:val1, :val2)", values)
还要注意手册页上是怎么写的“永远不要这样做!!!”关于如何将数据插入语句 - 您的代码目前也容易受到 SQL 注入攻击。
documentation 中有一个示例,它比为每一行调用 execute() 快得多:
import cx_Oracle
import csv
. . .
# Predefine the memory areas to match the table definition
cursor.setinputsizes(None, 25)
# Adjust the batch size to meet your memory and performance requirements
batch_size = 10000
with open('testsp.csv', 'r') as csv_file:
csv_reader = csv.reader(csv_file, delimiter=',')
sql = "insert into test (id,name) values (:1, :2)"
data = []
for line in csv_reader:
data.append((line[0], line[1]))
if len(data) % batch_size == 0:
cursor.executemany(sql, data)
data = []
if data:
cursor.executemany(sql, data)
con.commit()
我正在使用 python 代码来读取 CSV 文件以及它在 Oracle 数据库中插入的每一行。
是否有办法克服所有用例的“ORA-01756:引号字符串未正确终止”错误。
我想转义的特殊字符是单引号 (')、双引号 (")、逗号 (,) 和其他可能导致错误的字符。
其实我的逻辑如下:
with open(files, newline='', encoding='utf-8') as csvfile:
rowreader = csv.reader(csvfile, delimiter=';', quotechar='|')
next(rowreader)
for row in rowreader:
values = parseCSV.input(row)
query = "INSERT INTO MYTABLE(col1,col2) values('{val1}','{val2}')".format(**values)
cursor.execute(query)
如果要插入字符串 - 'my's name'
,则以上内容无效是 -- 使用 parameters/binds.
通过 cx_oracle manual on using binds:
# assuming `values` is a dict with `val1` and `val2`:
cursor.execute("INSERT INTO MYTABLE (col1, col2) values(:val1, :val2)", values)
还要注意手册页上是怎么写的“永远不要这样做!!!”关于如何将数据插入语句 - 您的代码目前也容易受到 SQL 注入攻击。
documentation 中有一个示例,它比为每一行调用 execute() 快得多:
import cx_Oracle
import csv
. . .
# Predefine the memory areas to match the table definition
cursor.setinputsizes(None, 25)
# Adjust the batch size to meet your memory and performance requirements
batch_size = 10000
with open('testsp.csv', 'r') as csv_file:
csv_reader = csv.reader(csv_file, delimiter=',')
sql = "insert into test (id,name) values (:1, :2)"
data = []
for line in csv_reader:
data.append((line[0], line[1]))
if len(data) % batch_size == 0:
cursor.executemany(sql, data)
data = []
if data:
cursor.executemany(sql, data)
con.commit()