Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/sqlite/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python 插入时无错误,但不插入+;更直观的语法?_Python_Sqlite - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python 插入时无错误,但不插入+;更直观的语法?

Python 插入时无错误,但不插入+;更直观的语法?

python sqlite

Python 插入时无错误,但不插入+;更直观的语法?,python,sqlite,Python,Sqlite,我想将数据插入到用SQLite创建的表中。大部分代码都是将数组转换为con.excute()的一个字符串。也许这就是问题所在?有更好的办法吗?没有返回错误 def add_row(table, columns, values): con = sql_connection("database.db") cursorObj = con.cursor() # column list to string if isinstance(columns, list) == Tr

我想将数据插入到用SQLite创建的表中。大部分代码都是将数组转换为con.excute()的一个字符串。也许这就是问题所在?有更好的办法吗?没有返回错误

def add_row(table, columns, values):
    con = sql_connection("database.db")
    cursorObj = con.cursor()
    # column list to string
    if isinstance(columns, list) == True:
        columns = ", ".join(columns)
    # wrap each string in list with '' and convert whole list to string
    if isinstance(values, list) == True:
        for i in range(0, len(values)):
            if isinstance(values[i], str) == True:
                values[i] = "'" + values[i] + "'"
        values = ", ".join(values)
    try:
        cmd = "insert into " + table + "(" + columns + ") values (" + values + ")"
        print(cmd)
        cursorObj.execute(cmd)
    except sqlite3.Error as e:
        print("An error occurred:", e.args[0])

add_row("Stocks", ["symbol", "name"], ["TEST", "test"])
打印(cmd)输出:

澄清:我不担心安全问题。它只能在本地使用

我不建议尝试将此函数推广到任意表和列

def add_symbol_and_name(symbol, name):
    with sqlite3.connect("database.db") as con:
        cursor = con.cursor()
        cursor.execute("insert into Stocks (symbol, name) values (?, ?)",
                       (symbol, name))
任何比这更具活力的东西都会为你打开大门。

我想出来了。注意其他人所说的:这样一个通用函数不应该在线使用,因为它会使数据库容易受到SQL注入攻击。然而,我的数据库是,并且将永远是本地的

def add_row(table, columns, values):
    valueArr = []
    if (len(columns) == len(values)) == False:
        print("Values and columns must be of equal length")
        return
    columns = ", ".join(columns)
    for value in values:
        valueArr.append("?")
    valueArr = ", ".join(valueArr)
    with sqlite3.connect("database.db") as con:
        try:
            cursor = con.cursor()
            cmd = "insert into " + table + " (" + columns + ")  values (" + valueArr + ")"
            print("cmd", cmd)
            cursor.execute(cmd,
                           values)
        except sqlite3.Error as e:
            print("An error occurred:", e.args[0])

add_row("Stocks", ["symbol", "name", "exchange"], ["AAPL", "Apple", "NASDAQ"])
可以尝试使用大写字母,或者在末尾添加分号?使用字符串连接生成命令。您没有清理任何输入值。如果一个值包含一个单引号,简单地用单引号括起一个值是不够的。 
def add_row(table, columns, values):
    valueArr = []
    if (len(columns) == len(values)) == False:
        print("Values and columns must be of equal length")
        return
    columns = ", ".join(columns)
    for value in values:
        valueArr.append("?")
    valueArr = ", ".join(valueArr)
    with sqlite3.connect("database.db") as con:
        try:
            cursor = con.cursor()
            cmd = "insert into " + table + " (" + columns + ")  values (" + valueArr + ")"
            print("cmd", cmd)
            cursor.execute(cmd,
                           values)
        except sqlite3.Error as e:
            print("An error occurred:", e.args[0])

add_row("Stocks", ["symbol", "name", "exchange"], ["AAPL", "Apple", "NASDAQ"])