Python 插入时无错误,但不插入+;更直观的语法?
我想将数据插入到用SQLite创建的表中。大部分代码都是将数组转换为con.excute()的一个字符串。也许这就是问题所在?有更好的办法吗?没有返回错误Python 插入时无错误,但不插入+;更直观的语法?,python,sqlite,Python,Sqlite,我想将数据插入到用SQLite创建的表中。大部分代码都是将数组转换为con.excute()的一个字符串。也许这就是问题所在?有更好的办法吗?没有返回错误 def add_row(table, columns, values): con = sql_connection("database.db") cursorObj = con.cursor() # column list to string if isinstance(columns, list) == Tr
def add_row(table, columns, values):
con = sql_connection("database.db")
cursorObj = con.cursor()
# column list to string
if isinstance(columns, list) == True:
columns = ", ".join(columns)
# wrap each string in list with '' and convert whole list to string
if isinstance(values, list) == True:
for i in range(0, len(values)):
if isinstance(values[i], str) == True:
values[i] = "'" + values[i] + "'"
values = ", ".join(values)
try:
cmd = "insert into " + table + "(" + columns + ") values (" + values + ")"
print(cmd)
cursorObj.execute(cmd)
except sqlite3.Error as e:
print("An error occurred:", e.args[0])
add_row("Stocks", ["symbol", "name"], ["TEST", "test"])
打印(cmd)输出:
澄清:我不担心安全问题。它只能在本地使用 我不建议尝试将此函数推广到任意表和列
def add_symbol_and_name(symbol, name):
with sqlite3.connect("database.db") as con:
cursor = con.cursor()
cursor.execute("insert into Stocks (symbol, name) values (?, ?)",
(symbol, name))
任何比这更具活力的东西都会为你打开大门。我想出来了。注意其他人所说的:这样一个通用函数不应该在线使用,因为它会使数据库容易受到SQL注入攻击。然而,我的数据库是,并且将永远是本地的
def add_row(table, columns, values):
valueArr = []
if (len(columns) == len(values)) == False:
print("Values and columns must be of equal length")
return
columns = ", ".join(columns)
for value in values:
valueArr.append("?")
valueArr = ", ".join(valueArr)
with sqlite3.connect("database.db") as con:
try:
cursor = con.cursor()
cmd = "insert into " + table + " (" + columns + ") values (" + valueArr + ")"
print("cmd", cmd)
cursor.execute(cmd,
values)
except sqlite3.Error as e:
print("An error occurred:", e.args[0])
add_row("Stocks", ["symbol", "name", "exchange"], ["AAPL", "Apple", "NASDAQ"])
可以尝试使用大写字母,或者在末尾添加分号?使用字符串连接生成命令。您没有清理任何输入值。如果一个值包含一个单引号,简单地用单引号括起一个值是不够的。
def add_row(table, columns, values):
valueArr = []
if (len(columns) == len(values)) == False:
print("Values and columns must be of equal length")
return
columns = ", ".join(columns)
for value in values:
valueArr.append("?")
valueArr = ", ".join(valueArr)
with sqlite3.connect("database.db") as con:
try:
cursor = con.cursor()
cmd = "insert into " + table + " (" + columns + ") values (" + valueArr + ")"
print("cmd", cmd)
cursor.execute(cmd,
values)
except sqlite3.Error as e:
print("An error occurred:", e.args[0])
add_row("Stocks", ["symbol", "name", "exchange"], ["AAPL", "Apple", "NASDAQ"])