本文介绍了Python aiomysql在我的查询参数周围加上一组引号的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用python的aiomysql execute函数来执行sql查询.
I'm using python's aiomysql execute function to execute sql queries.
@asyncio.coroutine
def select(sql,args=None,size=None):
log(sql,args)
global __pool
with (yield from __pool) as conn:
cur = yield from conn.cursor()
yield from cur.execute(sql.replace('?','%s'),args or ())
if size:
rs = yield from cur.fetchmany(size)
else:
rs = yield from cur.fetchall()
__pool.close()
yield from __pool.wait_closed()
return rs
在测试功能中,我做了
@asyncio.coroutine
def test():
yield from create_pool(loop=loop,user='app',passwd='app')
sql = 'select ? from ?'
arg = ['id','users']
rs = yield from select(sql,arg)
print(rs)
global __pool
__pool.close()
yield from __pool.wait_closed()
在终端机中出现错误
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users'' at line 1")
用户周围似乎有一组报价.我尝试更改最后一个?到%s,并且以某种方式有效,显然是?适用于ID,但不适用于用户.为什么用户周围会有一组报价,我该如何解决?
There appears to be a set of quote around users. I tried changing the last ? to %s and that somehow worked, apparently the ? worked for id but not for users. Why is there a set of quote around users and how can I fix it?
谢谢您的回答
推荐答案
SQL参数不能用于MySQL的元数据.您将需要清理值并正常替换它.
SQL parameters cannot be used for metadata with MySQL. You will need to sanitize the value and substitute it normally.
这篇关于Python aiomysql在我的查询参数周围加上一组引号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!