在Python中的SELECT语句中传递列名
发布时间:2020-12-20 10:33:14 所属栏目:Python 来源:网络整理
导读:if count == 1: cursor.execute("SELECT * FROM PacketManager WHERE ? = ?",filters[0],parameters[0]) all_rows = cursor.fetchall() elif count == 2: cursor.execute("SELECT * FROM PacketManager WHERE ? = ? AND ? = ?",parameters[0],filters[1],par
if count == 1:
cursor.execute("SELECT * FROM PacketManager WHERE ? = ?",filters[0],parameters[0])
all_rows = cursor.fetchall()
elif count == 2:
cursor.execute("SELECT * FROM PacketManager WHERE ? = ? AND ? = ?",parameters[0],filters[1],parameters[1])
all_rows = cursor.fetchall()
elif count == 3 :
cursor.execute("SELECT * FROM PacketManager WHERE ? = ? AND ? = ? AND ? = ?",parameters[1],filters[2],parameters[2])
all_rows = cursor.fetchall()
这是我程序中的代码段.我打算做的是在查询中传递列名和参数. filters数组包含列名,参数数组包含参数.计数是用户设置的过滤器数量.过滤器和参数数组已准备就绪,没有问题.我只需要将它传递给查询即可执行.这给我一个错误“TypeError:函数最多需要2个参数” 解决方法
您只能使用?而不是表名或列名来设置参数.
您可以使用预定义的查询构建一个dict. queries = {
"foo": "SELECT * FROM PacketManager WHERE foo = ?","bar": "SELECT * FROM PacketManager WHERE bar = ?","foo_bar": "SELECT * FROM PacketManager WHERE foo = ? AND bar = ?",}
# count == 1
cursor.execute(queries[filters[0],parameters[0])
# count == 2
cursor.execute(queries[filters[0] + "_" + queries[filters[1],parameters[0])
这种方法将使您从过滤器[0]中的SQL注入中保存. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |