用python将数据插入数据库
我使用PythonWeb服务器将数据插入表中。我可以通过ajax调用发送信息以插入用python将数据插入数据库,python,mysql,json,Python,Mysql,Json,我使用PythonWeb服务器将数据插入表中。我可以通过ajax调用发送信息以插入 { "verb":"addPerson", "person":{ "name":"what this", "email":"whatis@gmail" } } def addPerson(model, request): person = request["person"] print person return databas
{
"verb":"addPerson",
"person":{
"name":"what this",
"email":"whatis@gmail"
}
}
def addPerson(model, request):
person = request["person"]
print person
return database.insertObj(person, "users")
打印人员将打印此文件
{u'name': u'what this', u'email': u'whatis@gmail'}
但当我用python创建自己的对象时,它返回一个mysql错误
def test(model, request):
fromUser = request['username']
toUser = request["name"]
fromQuery = "SELECT * FROM users where name='{}' LIMIT 1".format(fromUser)
toQuery = "SELECT * FROM users where name='{}' LIMIT 1".format(toUser)
logRequest = {
'from':str(fromUser),
'too_number':str(database.get_row(toQuery)['telephone']),
'too':str(toUser),
'from_number':str(database.get_row(fromQuery)['telephone']),
'time':str(datetime.datetime.fromtimestamp(time.time()).strftime('%Y-%m-%d %H:%M:%S')),
'responded':'false'
}
print logRequest
print database.insertObj(logRequest, "requests")
这是它的回报
{'error':'MySQL错误:1064(42000):您的SQL中有一个错误
语法;检查与MySQL服务器版本对应的手册
对于正确的语法,请使用near \“from,too,time,too\u number,responsed)
值(“私有数据”、“Dawson Spencer”、“第1行的Daws\”}
logRequest中是否有我的错误?如果是,我将如何修复此问题?能否在
executeSQL()
之前打印sql
查询?不要在sql查询中使用.format()
!这将导致sql注入漏洞。使用数据库适配器提供的函数参数化查询!
def test(model, request):
fromUser = request['username']
toUser = request["name"]
fromQuery = "SELECT * FROM users where name='{}' LIMIT 1".format(fromUser)
toQuery = "SELECT * FROM users where name='{}' LIMIT 1".format(toUser)
logRequest = {
'from':str(fromUser),
'too_number':str(database.get_row(toQuery)['telephone']),
'too':str(toUser),
'from_number':str(database.get_row(fromQuery)['telephone']),
'time':str(datetime.datetime.fromtimestamp(time.time()).strftime('%Y-%m-%d %H:%M:%S')),
'responded':'false'
}
print logRequest
print database.insertObj(logRequest, "requests")