Python SQL不喜欢,尝试排除多个值
我有一个代码,在下面,用户可以把过敏列表。我希望我的代码列出一个食谱列表,从用户过敏列表中排除这些成分。我编写了一个测试代码,但无法找出如何同时排除所有三种成分Python SQL不喜欢,尝试排除多个值,python,sql,python-3.x,database,sqlite,Python,Sql,Python 3.x,Database,Sqlite,我有一个代码,在下面,用户可以把过敏列表。我希望我的代码列出一个食谱列表,从用户过敏列表中排除这些成分。我编写了一个测试代码,但无法找出如何同时排除所有三种成分 userallergy = conn.execute ('SELECT Allergies from User where userid = 4') userallergy = userallergy.fetchall() userallergy = userallergy[0][0].replace(" ",&qu
userallergy = conn.execute ('SELECT Allergies from User where userid = 4')
userallergy = userallergy.fetchall()
userallergy = userallergy[0][0].replace(" ","")
listallergy=list(userallergy.split(","))
listallergy = ["'%" + i.capitalize() + "%'" for i in listallergy]
print([listallergy])
query='SELECT RecipeName FROM Recipess where Ingredients Not LIKE {}'.format(listallergy[1])
print(query)
aller = conn.execute(query)
saferecipe = aller.fetchall()
print(saferecipe)
使用
REGEXP和操作符连接所有语句(但正如@alexis在评论中提到的,它有自己的问题):
您可以使用MySQL REGEX“或”来排除这三个选项。然后,您的查询应该如下所示:
query = f"SELECT RecipeName FROM `Recipess` WHERE Ingredients NOT REGEXP '{('|').join(listallergy)}'"
也许你应该试试正则表达式?这个查询很好,但是当一个带撇号的名字出现时,它会变得很难看。。。如果你把它投入生产,那绝对是危险的。SQL注入危险!(而且你不能像这里这样使用准备好的语句和可变长度的列表…)
allergies = " AND ".join(["Ingredients Not LIKE '%" + i.capitalize() + "%'" for i in listallergy])
print(allergies)
query='SELECT RecipeName FROM Recipess where {}'.format(allergies)
print(query)
query = f"SELECT RecipeName FROM `Recipess` WHERE Ingredients NOT REGEXP '{('|').join(listallergy)}'"