Python dictionary and parameterized MySQL using pymysql (secure coding)


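I am very new to writing database-driven code in Python... and to Python, for that matter. I am trying to write some code that takes dictionary output and parameterizes it (to avoid SQL injection, as good practice) and puts the output into separate columns in a MySQL database. The code executes and outputs the lines below, which shows that something is clearly wrong with my parameterization etc.; this is mainly where I need help.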

something broke with the SQL thing
something broke with the SQL thing
something broke with the SQL thing
etc...

The dictionary output looks like this:

{'abx.com': ['abc.com', '103.245.222.133', '', 'alt3.aspmx.l.google.com', 'ns-331.awsdns-41.com', 'Australia', '', '', 1445889980]}
{'abd.com': ['abc.com', '12.27.179.65', '', '', 'g4.nstld.com', 'United States', '', '', 1445889980]}
{'abf.com': ['abc.com', '159.204.50.123', '', 'mx01.data-tronics.com', 'ns2.data-tronics.com', 'United States', '', '', 1445889980]}
{'abv.com': ['abc.com', '192.185.225.77', '', 'abv.com.inbound10.mxlogic.net', 'ns1085.hostgator.com', 'United States', '', '', 1445889980]}
{'bac.com': ['abc.com', '171.161.206.99', '', 'mxa-0000ec05.gslb.pphosted.com', 'ns12.bac.com', 'United States', '', '', 1445889980]}
{'acb.com': ['abc.com', '92.54.21.223', '', 'mx0.acb.com', 'ns-2008.awsdns-59.co.uk', 'Spain', '', '', 1445889980]}

The code is as follows:

#!/usr/bin/env python3.4

import subprocess
import pymysql
import json
import time

conn = pymysql.connect(host="localhost", user="myuser", passwd="superpass", db="dnstwist")
cur = conn.cursor()
epoch = int(time.time())
insert_sql =    "INSERT INTO domains(fakedomain, origdomain, a_record, aaaa_record, mx_record, ns_record, country, created, updated, epoch) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"

# dictionary key structure
# { fakedomain: [ site, A, AAAA, MX, NS, Country, Created, Updated ] } 

domain_dict = {}
domaininfo = []


def build_dict():
    sites = ['abc.com', 'nbc.com']                
    for site in sites:
        proc = subprocess.Popen(["python dnstwist.py -g -c " + site + " --threads 1 | grep -v ,,,,,,,, | sed -e '1,1d' "],shell=True,stdout=subprocess.PIPE,universal_newlines=True)

        while True:
            line = proc.stdout.readline()
            domaininfo = line.split(',')

            if line!= '':
                fakedomain = domaininfo[1]
                A = domaininfo[2]
                AAAA = domaininfo[3]
                MX = domaininfo[4]
                NS = domaininfo[5]
                country = domaininfo[6]
                created = domaininfo[7]
                updated = domaininfo[8]
                SSDEEP = domaininfo[9]

                try: 
                    domain_dict = { fakedomain: [ site, A, AAAA, MX, NS, country, created, updated, epoch ] }

                    try: 
                        cur.execute(insert_sql, (json.dumps(domain_dict)))
                        cur.commit()
                    except:  
                        print('something broke with the SQL thing')

                except:
                    print('you hit an exception')
                    continue

            else:
                print('you hit the break')
                break
    cur.close()
    conn.close()

build_dict()

The database structure is as follows:

CREATE TABLE domains(
    fakedomain INT PRIMARY KEY AUTO_INCREMENT NOT NULL,\
    origdomain TEXT NULL,\
    a_record TEXT NULL,\
    aaaa_record TEXT NULL,\
    mx_record TEXT NULL,\
    ns_record TEXT NULL,\
    country TEXT NULL,\
    created TEXT NULL,\
    updated TEXT NULL,\
    epoch INT(11) NULL);

Pulling the try/except out of the mix shows the following traceback:

Traceback (most recent call last):
  File "./twistdb.py", line 60, in <module>
    build_dict()
  File "./twistdb.py", line 45, in build_dict
    cur.execute(insert_sql, (json.dumps(domain_dict)))
  File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 144, in execute
    query = self.mogrify(query, args)
  File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 135, in mogrify
    query = query % self._escape_args(args, conn)
TypeError: not enough arguments for format string

Since you are using positional placeholders, pass the parameters in a list:

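You should also think twice before wrapping a block of code in a try/except with a bare except. At the very least, you are making it harder to debug and understand where and what the problem is. See also: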


Remove the try/except and let it fail - post the traceback that is printed.

Added the traceback to the original post.
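
The answer's advice (one value per positional placeholder, passed as a list), as an added example that is not part of the original post or of pymysql: `format_error`, `row_params` and `store` are hypothetical helpers, the sample lines are constructed, and the CSV field order is assumed from the indices used in the question's code. `conn` is any DB-API connection whose driver uses `%s` placeholders, such as the one returned by `pymysql.connect`.

```python
import csv
import io

# Same columns as the question's INSERT; %s is pymysql's placeholder style.
COLUMNS = ("fakedomain", "origdomain", "a_record", "aaaa_record", "mx_record",
           "ns_record", "country", "created", "updated", "epoch")
INSERT_SQL = "INSERT INTO domains ({}) VALUES ({})".format(
    ", ".join(COLUMNS), ", ".join(["%s"] * len(COLUMNS)))

# Constructed dnstwist-style CSV lines (field order assumed from the question).
SAMPLE_LINES = [
    "Addition,abca.com,103.245.222.133,,alt3.aspmx.l.google.com,"
    "ns-331.awsdns-41.com,Australia,,,\n",
    "Omission,ab.com,,,\n",   # truncated line
    "",                        # end of output
]


def format_error(arg):
    """Reproduce the traceback: a single str offered to ten %s placeholders."""
    try:
        INSERT_SQL % arg
    except TypeError as exc:
        return str(exc)
    return None


def row_params(site, line, epoch):
    """Turn one CSV line into a 10-item parameter list, or None if unusable."""
    fields = next(csv.reader(io.StringIO(line)), [])
    if len(fields) < 9:              # blank or truncated: skip rather than guess
        return None
    fakedomain, a, aaaa, mx, ns, country, created, updated = fields[1:9]
    return [fakedomain, site, a, aaaa, mx, ns, country, created, updated, epoch]


def store(conn, site, lines, epoch):
    """Insert all usable lines; values travel as parameters, never in the SQL text."""
    rows = [p for p in (row_params(site, ln, epoch) for ln in lines) if p]
    cur = conn.cursor()
    try:
        cur.executemany(INSERT_SQL, rows)   # one parameter list per row
        conn.commit()                       # commit is on the connection, not the cursor
    finally:
        cur.close()
    return rows
```

The table definition in the question declares `fakedomain` as `INT ... AUTO_INCREMENT`; to hold a domain name that column needs a text type.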