问题描述
我有一个简单的表(名为 test):
id |整数姓名 |字符变化(100)间隔|整数
当我尝试在 python 中使用 prepare 语句更新名称时.(我正在使用 python-pgsql http://pypi.python.org/pypi/python-pgsql/)
>>>for i in db.execute("select * from test"): 打印 i...(1, 'FOO', 无)>>>query = "更新测试集名称 = '$1' where name = '$2'">>>cu.execute(查询,我的名字",FOO")回溯(最近一次调用最后一次):文件<input>",第 1 行,在 <module> 中文件/usr/lib/python2.7/site-packages/pgsql.py",第119行,在执行中ret = self._source.execute(操作,参数)编程错误:错误:无法确定参数 $1 的数据类型该模块的演示文件可以在 http://sprunge.us/VgLY?python.
我猜它可能是你的字符串中 $1
和 $2
周围的单引号.在 PYGresql 的主要变化中,它说:
- 支持绑定参数,减少对大量、用户提供的数据的昂贵且易受攻击的引用
所以我假设单引号用太多引号重载了字符串,或者只是破坏了 python-pgsql 中的解析器.
I have a simple table (named test) as:
id | integer
name | character varying(100)
intval | integer
When I try to use prepare statement to update the name like this in python. (I am using python-pgsql http://pypi.python.org/pypi/python-pgsql/)
>>> for i in db.execute("select * from test"): print i
...
(1, 'FOO', None)
>>> query = "UPDATE test set name = '$1' where name = '$2'"
>>> cu.execute(query, "myname", "FOO")
Traceback (most recent call last):
File "<input>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/pgsql.py", line 119, in execute
ret = self._source.execute(operation, params)
ProgrammingError: ERROR: could not determine data type of parameter $1
The demo file for the module can be seen at http://sprunge.us/VgLY?python.
I'm guessing that it could be your single quotes around $1
and $2
inside your string. In the main changes from PYGresql it says that:
- support for bind parameters, alleviating the need for extensive,expensive and vulnerable quoting of user-supplied data
So I'm assuming the single quotes are overloading the string with too many quotes, or just breaking the parser in python-pgsql.
这篇关于无法确定 python-pgsql 中参数 $1 的数据类型的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!