stmt = "SELECT filecontent FROM filecontent WHERE filecontent_id = %d AND filecontent LIKE '%% %s %%'"%(int(result_file_pri[0]),str(myjson['recordType']))
curs.execute(stmt)
试图将上面的postgres查询转换为参数化查询。我在internet上找到的解决方案是在execute语句中包含stmt,并从引号中去掉%s,即
curs.execute("SELECT filecontent FROM filecontent WHERE filecontent_id = %s AND filecontent LIKE %% %s %%",(int(result_file_pri[0]),str(myjson['recordType'])))
以上对我来说不适用,%%s%;我该如何纠正这个问题?
最佳答案
它应该是包含百分比字符的参数:
curs.execute("SELECT filecontent FROM filecontent WHERE filecontent_id = %s AND filecontent LIKE %s",
(int(result_file_pri[0]), str("%" + myjson['recordType'] + "%")))
^----------------------------^
so the wildcard is the
part of the parameter