Python - sqlite3.OperationalError: near "%": syntax error?


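First, before anything else, I realise that this question has been asked before. I have searched for a few hours trying to solve my problem, but I have not been able to implement a solution correctly and I am still running into the error.

I am trying to INSERT into a table. I want the table name to be dynamic, using a variable string, but I believe that is also not allowed? From the research I have done, it seems this is not allowed / not good practice because it leaves the code open to SQL injection.

I have tried replacing %s with ?, but it still returns the same error, with ? instead of %.

Here is the code I am using. Most of it is credited to James Mills; I am only trying to use the statements he generates from a CSV as sqlite3 INSERT statements, if that makes sense.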

"""csv2sql

Tool to convert CSV data files into SQL statements that
can be used to populate SQL tables. Each line of text in
the file is read, parsed and converted to SQL and output
to stdout (which can be piped).

A table to populate is given by the -t/--table option or
by the basename of the input file (if not standard input).

Fields are either given by the -f/--fields option (comma
separated) or determined from the first row of data.
"""

__version__ = "0.4"
__author__ = "James Mills"
__date__ = "3rd February 2011"

import os
import csv
import sys
import optparse
import sqlite3

USAGE = "%prog [options] <file>"
VERSION = "%prog v" + __version__

def parse_options():
    parser = optparse.OptionParser(usage=USAGE, version=VERSION)

    parser.add_option("-t", "--table",
            action="store", type="string",
            default=None, dest="table",
            help="Specify table name (defaults to filename)")

    parser.add_option("-f", "--fields",
            action="store", type="string",
            default=None, dest="fields",
            help="Specify a list of fields (comma-separated)")

    parser.add_option("-s", "--skip",
            action="append", type="int",
            default=[], dest="skip",
            help="Specify records to skip (multiple allowed)")

    opts, args = parser.parse_args()

    if len(args) < 1:
        parser.print_help()
        raise SystemExit, 1

    return opts, args

def generate_rows(f):
    sniffer = csv.Sniffer()
    dialect = sniffer.sniff(f.readline())
    f.seek(0)

    reader = csv.reader(f, dialect)
    for line in reader:
        yield line

def main():
    opts, args = parse_options()

    filename = args[0]

    if filename == "-":
        if opts.table is None:
            print "ERROR: No table specified and stdin used."
            raise SystemExit, 1
        fd = sys.stdin
        table = opts.table
    else:
        fd = open(filename, "rU")
        if opts.table is None:
            table = os.path.splitext(filename)[0]
        else:
            table = opts.table

    rows = generate_rows(fd)

    if opts.fields:
        fields = ", ".join([x.strip() for x in opts.fields.split(",")])
    else:
        fields = ", ".join(rows.next())

    for i, row in enumerate(rows):
        if i in opts.skip:
            continue

        values = ", ".join(["\"%s\"" % x for x in row])
        print "INSERT INTO %s (%s) VALUES (%s);" % (table, fields, values)

        con = sqlite3.connect("school")
        cur = con.cursor()

        cur.executemany("INSERT INTO %s (%s) VALUES (%s);", (table, fields, values))
        con.commit()
        con.close()

if __name__ == "__main__":
    main()
Here is an example of the output:

> INSERT INTO data (School Name, Summer 15, Summer 16, Summer 17) VALUES ("School One", "126", "235", "453");
Traceback (most recent call last):
  File "sniffer.py", line 103, in <module>
    main()
  File "sniffer.py", line 98, in main
    cur.executemany("INSERT INTO %s (%s) VALUES (%s);", (table, fields, values))
sqlite3.OperationalError: near "%": syntax error
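The sniffer is what gets the column names and their values, which I am trying to put into the SQL statement.

I have tried a lot of things, but I have not been able to come up with a solution.

Please don't bash me! I am new to all of this and just need a little help.

Thanks for any help.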

Keeping in mind what the input may contain, and making sure to sanitize it, you can prepare the query like this:

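if opts.fields:
    fields = ", ".join([x.strip() for x in opts.fields.split(",")])
else:
    fields = ", ".join(rows.next())

# rows is a generator and has no len(); one "?" is needed per column,
# so count the column names instead.
qry = "INSERT INTO %s (%s) VALUES (%s);" % (table,
                                            fields,
                                            ",".join("?" * len(fields.split(","))),)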
Note that for parameter substitution in SQLite you need to use ?s.

Have you tried using .format with {var}? Possible duplicate of
# executemany() takes an iterable of rows; each row is one parameter sequence
cur.executemany(qry, rows)
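An added example, not part of the original question or answer: sqlite3 placeholders bind values only, so the dynamic table and column names are validated and quoted before being formatted into the statement, while every CSV value goes through `?`. The helper names `quote_ident` and `load_csv`, the identifier pattern, and the sample CSV are assumptions constructed for illustration (Python 3).

```python
import csv
import io
import re
import sqlite3

# Constructed sample input standing in for the asker's CSV file.
SAMPLE_CSV = (
    "School Name,Summer 15,Summer 16,Summer 17\n"
    "School One,126,235,453\n"
    '"St. Mary\'s ""Upper"" School",1,2,3\n'
)

# Conservative allow-list pattern (an assumption): letters, digits,
# underscores and spaces, so a name can never contain a quote character.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_ ]*")


def quote_ident(name):
    """Validate a table/column name, then wrap it in double quotes.

    "?" cannot stand in for an identifier, which is why the original
    statement failed; names have to be checked and formatted in by hand.
    """
    name = name.strip()
    if not _IDENT.fullmatch(name):
        raise ValueError("unsafe SQL identifier: %r" % name)
    return '"%s"' % name


def load_csv(con, table, text):
    """Insert CSV rows into `table`; the header row supplies column names."""
    reader = csv.reader(io.StringIO(text))
    columns = [quote_ident(c) for c in next(reader)]
    tbl = quote_ident(table)
    con.execute("CREATE TABLE IF NOT EXISTS %s (%s)" % (tbl, ", ".join(columns)))
    sql = "INSERT INTO %s (%s) VALUES (%s)" % (
        tbl, ", ".join(columns), ", ".join("?" * len(columns)))
    # Each remaining row is one parameter sequence; values are bound by
    # sqlite3 and never formatted into the SQL text.
    con.executemany(sql, reader)
    con.commit()
    return sql


if __name__ == "__main__":
    con = sqlite3.connect(":memory:")
    print(load_csv(con, "data", SAMPLE_CSV))
    print(con.execute('SELECT * FROM "data"').fetchall())
```

The second data row contains double quotes, which would break the hand-built `"%s"` quoting in the question's `values` string but is stored unchanged when bound as a parameter.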