Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/sqlite/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python 2.7 Python sqlite3操作错误:接近“&引用;:语法错误_Python 2.7_Sqlite - Fatal编程技术网
Fatal编程技术网
  • python-2.7/
  • Python 2.7 Python sqlite3操作错误:接近“&引用;:语法错误

Python 2.7 Python sqlite3操作错误:接近“&引用;:语法错误

python-2.7 sqlite

Python 2.7 Python sqlite3操作错误:接近“&引用;:语法错误,python-2.7,sqlite,Python 2.7,Sqlite,试图让用户更新名为“Scenario”的特定表的现有记录上的列值。正在更新的记录由一个名为“Scenario_Key”的索引列标识,该索引列对此类的每个实例都是唯一的。我已有的代码生成了一个键、值对字典,其中key是要更新的列的名称,value是要插入的值。要更新sqlite数据库,我尝试以下操作: cursor.execute("""UPDATE Scenario SET ?=? WHERE Scenario_Key=?;""", (key, new_val, self.scenario_ke

试图让用户更新名为“Scenario”的特定表的现有记录上的列值。正在更新的记录由一个名为“Scenario_Key”的索引列标识,该索引列对此类的每个实例都是唯一的。我已有的代码生成了一个键、值对字典,其中
key
是要更新的列的名称,
value
是要插入的值。要更新sqlite数据库,我尝试以下操作:

cursor.execute("""UPDATE Scenario SET ?=? WHERE Scenario_Key=?;""", (key, new_val, self.scenario_key))

Traceback (most recent call last):
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-tk/Tkinter.py", line 1536, in __call__
return self.func(*args)
File "/Users/xxx/Documents/Consulting/DCA/Damage Control Assistant/EditScenarioWindow.py", line 91, in <lambda>
SaveAndCloseButton = Button(ButtonFrame, text="Save and Close", command=lambda: self.SaveAndCloseWindow())
File "/Users/xxx/Documents/Consulting/DCA/Damage Control Assistant/EditScenarioWindow.py", line 119, in SaveAndCloseWindow
cursor.execute(cmd_string, (key, new_val, self.scenario_key))
OperationalError: near "?": syntax error
但是,当我试图通过单击“保存并关闭”按钮执行时,我得到以下结果:

cursor.execute("""UPDATE Scenario SET ?=? WHERE Scenario_Key=?;""", (key, new_val, self.scenario_key))

Traceback (most recent call last):
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-tk/Tkinter.py", line 1536, in __call__
return self.func(*args)
File "/Users/xxx/Documents/Consulting/DCA/Damage Control Assistant/EditScenarioWindow.py", line 91, in <lambda>
SaveAndCloseButton = Button(ButtonFrame, text="Save and Close", command=lambda: self.SaveAndCloseWindow())
File "/Users/xxx/Documents/Consulting/DCA/Damage Control Assistant/EditScenarioWindow.py", line 119, in SaveAndCloseWindow
cursor.execute(cmd_string, (key, new_val, self.scenario_key))
OperationalError: near "?": syntax error

回溯(最近一次呼叫最后一次):
文件“/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-tk/Tkinter.py”,第1536行,在调用__
返回self.func(*args)
文件“/Users/xxx/Documents/Consulting/DCA/Damage Control Assistant/EditScenarioWindow.py”,第91行,在
SaveAndCloseButton=Button(ButtonFrame,text=“Save and Close”,command=lambda:self.SaveAndCloseWindow())
文件“/Users/xxx/Documents/Consulting/DCA/Damage Control Assistant/EditScenarioWindow.py”,第119行,保存和关闭窗口
cursor.execute(cmd_string,(key,new_val,self.scenario_key))
操作错误:接近“?”:语法错误
我已经读过了,但是我尝试在所有变量都已经计算过的地方执行一个sqlite查询,而不是从数据库中获取值并从中构建查询。我以元组的形式提供位置参数。那么为什么sqlite3不喜欢我提交的查询呢?

您不能参数化列名。在意识到可能发生攻击的同时,您可以改为:

cursor.execute("""UPDATE Scenario 
                     SET {}=? 
                   WHERE Scenario_Key=?;""".format(key), 
               (new_val, self.scenario_key))
谢谢你的快速回复!这起作用了,甚至更好,我想我明白为什么。也谢谢你的警告。出于各种原因,安全和注入攻击不是本项目的主要关注点,但绝对是未来需要牢记的事情。干杯,伙计。很高兴见到你!