Python “保护”;请求
我有这样一个sql请求:Python “保护”;请求,python,sql,sqlite,Python,Sql,Sqlite,我有这样一个sql请求: "INSERT INTO pirate(title, title_simple, user, magnet_link, \ url, created, size, infos, images, description, number, response, new) VALUES (\"{0}\", \"{1}\", \"{2}\", \"{3}\", \ \"{4}\", \"{5}\", \"{6}\", \"{7}\", \"{8}\", \"{9}\",
"INSERT INTO pirate(title, title_simple, user, magnet_link, \
url, created, size, infos, images, description, number, response, new) VALUES
(\"{0}\", \"{1}\", \"{2}\", \"{3}\", \
\"{4}\", \"{5}\", \"{6}\", \"{7}\", \"{8}\", \"{9}\", \"{10}\", \"{11}\", \"{12}\")".format(blablabla...)
“\"{9}\"
“requete = "INSERT INTO pirate(title, title_simple, user, magnet_link, \
url, created, size, infos, images, description, number, response, new) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
params = (torrent.title, simpleChar(torrent.title), torrent.user, torrent.magnet_link,
str(torrent.url), torrent.created, strByteToOctet(torrent.size)[1],
str_infos, str_images, torrent.info, torrent.id, retours, True)
bdd = sqlite3.connect("fichiers.sqlite")
bdd.row_factory = sqlite3.Row
c = bdd.cursor()
c.execute(requete, params)
bdd.commit()
c.close()
bdd.close()
而且,我是在线程中执行此操作的,因此我无法轻松地调试信息将值的转义留给数据库适配器。改为使用SQL参数,而不是字符串格式:
query = """\
INSERT INTO pirate(
title, title_simple, user, magnet_link,
url, created, size, infos, images, description, number, response, new)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
"""
params = (pirate_title, simplify(pirate_title), userid, link, url,
datetime.now(), 0, torrent_infos, torrent_images, desc,
42, response, True)
cursor.execute(query, params)
?execute()在这种情况下,params是什么?@user1585507:字符串格式中
blablabla?