在Python和MySQL中的另一个Select语法中选择_Python_Mysql_Select

在Python和MySQL中的另一个Select语法中选择

python mysql select

在Python和MySQL中的另一个Select语法中选择,python,mysql,select,Python,Mysql,Select,我有一个mysql select命令，它根据以下两个select命令计算返回的行数： SELECT count(*)-1 as elmlen FROM invertedindextb WHERE dewId IN (SELECT dewId FROM invertedindextb WHERE eTypeId = ? and trm = ?) and docId IN (SELECT docId FROM invertedin

我有一个mysql select命令，它根据以下两个select命令计算返回的行数：

  SELECT  count(*)-1  as elmlen FROM  invertedindextb WHERE
  dewId IN 
         (SELECT  dewId  FROM  invertedindextb WHERE eTypeId = ? and trm = ?) 
  and docId IN
         (SELECT  docId  FROM  invertedindextb WHERE eTypeId = ? and trm = ?)

def lenOfNode (self, cursor,  eTypeId , trm):


    sql = """ SELECT COUNT(*)-1 AS LEN FROM invertedindextb WHERE  \
              dewId IN ("SELECT  dewId  FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s' %(eTypeId,trm)") \
              and  docId IN  ("SELECT docId FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s' %(eTypeId,trm)") """

    cursor.execute(sql)
    results = cursor.fetchone()
    print results[0]
    return results[0]

我编写了一个python函数，实现了上述select命令，如下所示：

  SELECT  count(*)-1  as elmlen FROM  invertedindextb WHERE
  dewId IN 
         (SELECT  dewId  FROM  invertedindextb WHERE eTypeId = ? and trm = ?) 
  and docId IN
         (SELECT  docId  FROM  invertedindextb WHERE eTypeId = ? and trm = ?)

def lenOfNode (self, cursor,  eTypeId , trm):


    sql = """ SELECT COUNT(*)-1 AS LEN FROM invertedindextb WHERE  \
              dewId IN ("SELECT  dewId  FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s' %(eTypeId,trm)") \
              and  docId IN  ("SELECT docId FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s' %(eTypeId,trm)") """

    cursor.execute(sql)
    results = cursor.fetchone()
    print results[0]
    return results[0]

虽然函数运行（但计算出错误的答案），但我不确定select命令的语法在python中是否正确

有人能帮我找到select语句的正确语法吗？

不要在

sql

字符串中使用

，因为它是用三重引号开始的，所以所有新行都已经可以了

您将

运算符的参数放入字符串中，并将其转换为文字文本。在执行查询之前尝试打印查询，如

def lenOfNode (self, cursor,  eTypeId , trm):
    sql = """ SELECT COUNT(*)-1 AS LEN FROM invertedindextb WHERE  \
              dewId IN ("SELECT  dewId  FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s' %(eTypeId,trm)") \
              and  docId IN  ("SELECT docId FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s' %(eTypeId,trm)") """

    print "My real sql query was:\n", sql

    cursor.execute(sql)
    results = cursor.fetchone()
    print results[0]
    return results[0]

你的错误是

“aaa%d”%（10，）

字符串（应该给出

“aaa 10”

）变成了

“aaa%d”%（10，）”

（并且会给出

“aaa%d”%（10，）”

），这不是你想要的。对我来说，了解这些事情的最好方法是使用%ed magick命令在IPython控制台中尝试我代码中所有可疑的部分

在sql查询中使用

%s

会在代码中引入直接漏洞-sql注入

我忘了在where子句的第一个select命令和第二个select命令之间添加and运算符，因此按如下方式添加and运算符def将运行并返回正确的结果：

 sql = """ SELECT (COUNT(*)-1) AS LEN FROM invertedindextb WHERE
             (dewId IN (SELECT  dewId  FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s') and
              docId IN  (SELECT  docId  FROM  invertedindextb WHERE eTypeId = '%d' and trm = '%s')) """ %(eTypeId,trm,eTypeId,trm)

非常感谢。我按照你的建议更改了代码，但仍然有问题