长SQL字符串中的Python变量
用变量替换此SQL查询倒数第二行中的数字的安全方法是什么 假设我的变量是customer\u id。我可以用{}代替2,并在这个字符串的末尾使用put.format(customer\u id)吗长SQL字符串中的Python变量,python,mysql,sql,sqlalchemy,Python,Mysql,Sql,Sqlalchemy,用变量替换此SQL查询倒数第二行中的数字的安全方法是什么 假设我的变量是customer\u id。我可以用{}代替2,并在这个字符串的末尾使用put.format(customer\u id)吗 unlicensed_query = """ SELECT SUM(x.quantity), SUM(x.quantity * p.list_price) FROM ( SELECT cu.customer_id, cu.product_id, cu.quant
unlicensed_query = """
SELECT SUM(x.quantity), SUM(x.quantity * p.list_price)
FROM (
SELECT cu.customer_id, cu.product_id, cu.quantity
FROM csi_usage cu LEFT JOIN csi c
ON cu.customer_id = c.customer_id
AND cu.product_id = c.product_id
WHERE c.product_id IS NULL
AND cu.customer_id = 2) x, product p
WHERE x.product_id = p.id;
"""
正如Bjorn所说,正确的方法是使用绑定参数()。例如:
from sqlalchemy.sql import text
fully_utilized_query = text("""
SELECT SUM(x.quantity)
FROM (
SELECT cu.customer_id, cu.product_id, cu.quantity
FROM csi_usage cu
JOIN csi c
ON cu.customer_id = c.customer_id
AND cu.product_id = c.product_id
AND cu.quantity = c.licence_qty
WHERE cu.customer_id = :customer_id) x;
""")
fully_utilized = self.session.execute(fully_utilized_query, {'customer_id': current_user.customer_id}).scalar()
正如Bjorn所说,正确的方法是使用绑定参数()。例如:
from sqlalchemy.sql import text
fully_utilized_query = text("""
SELECT SUM(x.quantity)
FROM (
SELECT cu.customer_id, cu.product_id, cu.quantity
FROM csi_usage cu
JOIN csi c
ON cu.customer_id = c.customer_id
AND cu.product_id = c.product_id
AND cu.quantity = c.licence_qty
WHERE cu.customer_id = :customer_id) x;
""")
fully_utilized = self.session.execute(fully_utilized_query, {'customer_id': current_user.customer_id}).scalar()
哪个数据库?mysql但是查询是用sqlalchemy执行的,比如:self.session.execute(unlicensed_query).fetchall()[0]看这里:我使用了绑定参数,使用了Bjorn的链接,它工作得很好。谢谢哪个数据库?mysql但是查询是用sqlalchemy执行的,比如:self.session.execute(unlicensed_query).fetchall()[0]看这里:我使用了绑定参数,使用了Bjorn的链接,它工作得很好。谢谢