Python 3.x: Python parameterized SQL adds an extra apostrophe

Tags: python-3.x, dictionary, psycopg2, parameterized, apostrophe

I'm having a problem with an extra apostrophe being inserted into a parameterized psycopg2/flask/postgres query and want to know how to stop it. I've read every post on here that, based on my problem, seemed like it would answer my question, but none did, and I haven't seen anything, so here I am! Thanks for any help you can give.

ERROR MESSAGE & DEBUG

Error

Debug

RELEVANT PYTHON CODE
import logging
from psycopg2.extensions import AsIs

# The WHERE fragment is assembled by hand, with the user's search string
# wrapped in single quotes inside the Python code itself.
t_Item_Search = request.form['box_Search_String']
t_Item_Where = ""
t_Item_Where += "t_part_no LIKE '" + t_Item_Search + "'"
t_Item_Where += " OR t_name LIKE '" + t_Item_Search + "'"
t_Item_Where += " OR t_description LIKE '" + t_Item_Search + "'"
t_Item_Search = t_Item_Where
...
q += " FROM tbl_items "
q += " WHERE "
q += "("
q += " b_enabled = %(t_Item_Enabled)s"
if t_Item_Search != '':
    q += " ) AND ("
    q += "%(t_Item_Search)s"
q += ")"
if t_Item_OrderBy != '':
    q += " ORDER BY "
    q += "%(t_Item_OrderBy)s "
    q += "%(t_Item_UpDown)s"
q += " LIMIT %(t_Item_NumShow)s"
logging.debug("getItems: q = " + q)
logging.debug("getItems: t_Item_Search = " + t_Item_Search)
vars = {
    "t_Item_Enabled": (t_Item_Enabled == 'True'),
    # AsIs splices the hand-built fragment into the SQL text verbatim, without
    # any quoting or escaping by psycopg2.
    "t_Item_Search": AsIs(t_Item_Search),
    "t_Item_OrderBy": t_Item_OrderBy,
    "t_Item_UpDown": t_Item_UpDown,
    "t_Item_NumShow": int(t_Item_NumShow)
}
db_cursor.execute(q, vars)
AsIs is used so that t_Item_Search is treated as SQL rather than as a string. You may want to use a multi-line string (triple quotes), which makes longer/more complex SQL statements easier to write:
from psycopg2.extensions import AsIs
...
cur = conn.cursor()
values = {
    "t_Item_Enabled": True,
    "t_Item_Search": AsIs(" AND t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'"),
    "t_Item_OrderBy": "",
    "t_Item_UpDown": "",
    "t_Item_NumShow": 20
}
sql = """
SELECT
    foo,
    bar,
    baz
FROM
    some_table
WHERE
    (
        b_enabled = %(t_Item_Enabled)s
    )
    %(t_Item_Search)s
ORDER BY
    baz
LIMIT
    %(t_Item_NumShow)s
"""
# mogrify() returns the query bytes exactly as they would be sent to the server
print(cur.mogrify(sql, values).decode('utf-8'))
Output:
SELECT
foo,
bar,
baz
FROM
some_table
WHERE
(
b_enabled = true
)
AND t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'
ORDER BY
baz
LIMIT
20
Looks great! I have one question about your output. Notice there is no "AND" between b_enabled and the rest of the WHERE clause. Is that a typo, or is it completely fine to execute SQL that way? Forgive my persistence/curiosity.

Are you saying that no "AND" or comma is needed between the parts of the WHERE clause? As in "WHERE (b_enabled = true) t_part_no..." versus "WHERE (b_enabled = true) AND t_part_no..."?

Yes, now I see it. You're right, I missed one :)

OK, so I'm not crazy, heh. I wasn't sure whether it was a Postgres-only mod to SQL, heh.

Great. Try not to format the SQL statements yourself, like:

t_Item_Where += "t_part_no LIKE '" + t_Item_Search + "'"

Let psycopg2 do that work for you, and use mogrify to debug the SQL statements.
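Added example, not code from the asker or the answerer: the same items query built so that the search string, apostrophe included, stays a bound parameter and ORDER BY is restricted to an allowlist of column names, since both the hand-built fragment and AsIs put user-controlled text directly into the SQL. Table and column names follow the question; render_for_debug() is an assumed, simplified stand-in for cur.mogrify() so the rendered query can be inspected without a database connection.

```python
# Added example: not the asker's or the answerer's code.  Column and table
# names are taken from the question; render_for_debug() is a simplified
# stand-in for psycopg2's cur.mogrify(), used only to show the rendering
# offline.  In real code hand (sql, params) straight to cursor.execute().
SEARCH_COLUMNS = ("t_part_no", "t_name", "t_description")
ORDER_COLUMNS = {"t_part_no", "t_name", "t_description"}  # sortable columns


def build_items_query(search, order_by, up_down, num_show, enabled=True):
    """Return (sql, params) suitable for cursor.execute(sql, params)."""
    sql = ("SELECT t_part_no, t_name, t_description FROM tbl_items"
           " WHERE b_enabled = %(enabled)s")
    params = {"enabled": bool(enabled), "num_show": int(num_show)}
    if search:
        # The LIKE pattern is a bound value: the driver quotes it, so an
        # apostrophe typed by the user can never close the literal, and the
        # query text itself never contains user input (no AsIs needed).
        clauses = " OR ".join(f"{col} LIKE %(search)s" for col in SEARCH_COLUMNS)
        sql += f" AND ({clauses})"
        params["search"] = search  # add % wildcards here for substring search
    if order_by:
        # Identifiers cannot be bound: %(t_Item_OrderBy)s would render as the
        # string literal 'name', which sorts nothing.  Validate against an
        # allowlist and splice only the validated name into the SQL.
        if order_by not in ORDER_COLUMNS:
            raise ValueError(f"unsupported ORDER BY column: {order_by!r}")
        direction = "DESC" if str(up_down).upper() == "DESC" else "ASC"
        sql += f" ORDER BY {order_by} {direction}"
    sql += " LIMIT %(num_show)s"
    return sql, params


def render_for_debug(sql, params):
    """Simplified stand-in for cur.mogrify(): str values are quoted with any
    embedded single quote doubled (the standard SQL escape); psycopg2's real
    adapter also handles backslashes, bytes and encodings."""
    def literal(value):
        if isinstance(value, bool):          # bool before int: bool is an int
            return "true" if value else "false"
        if isinstance(value, int):
            return str(value)
        return "'" + str(value).replace("'", "''") + "'"
    return sql % {key: literal(val) for key, val in params.items()}


if __name__ == "__main__":
    sql, params = build_items_query("O'Brien", "t_name", "desc", "20")
    print(render_for_debug(sql, params))
```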