Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/55.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python MySQLdb执行表插入_Python_Mysql_Mysql Python - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python MySQLdb执行表插入

Python MySQLdb执行表插入

python mysql

Python MySQLdb执行表插入,python,mysql,mysql-python,Python,Mysql,Mysql Python,我是MySql和MySQLdb的新手。但是我已经试了几个小时来解决这个问题 我有一张这样的桌子: > Traceback (most recent call last): File > "C:\Users\Emil\Desktop\flaskr\flaskr.py", line 29, in <module> > cur.execute(str % ('admin', 'password')) File "C:\Python27\lib\site-p

我是MySql和MySQLdb的新手。但是我已经试了几个小时来解决这个问题

我有一张这样的桌子:

> Traceback (most recent call last):   File
> "C:\Users\Emil\Desktop\flaskr\flaskr.py", line 29, in <module>
>     cur.execute(str % ('admin', 'password'))   File "C:\Python27\lib\site-packages\MySQLdb\cursors.py", line 202, in
> execute
>     self.errorhandler(self, exc, value)   File "C:\Python27\lib\site-packages\MySQLdb\connections.py", line 36, in
> defa lterrorhandler
>     raise errorclass, errorvalue
> _mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL synta ; check the manual that corresponds to your MySQL server
> version for the right yntax to use near ''id', 'username', 'password')
> VALUES (NULL, admin, password)  at line 1")
mysql>描述用户

代码部分:

def connect_db():
    conn = MySQLdb.connect(user='root',
                            passwd='',
                            db='flask',
                            host='localhost')
    return conn


cur = connect_db().cursor()


cur.execute("DROP TABLE IF EXISTS users")
cur.execute("CREATE TABLE users(id INT PRIMARY KEY AUTO_INCREMENT, \
                username VARCHAR(25), password VARCHAR(25))")

str = "INSERT INTO users ('id', 'username', 'password') VALUES (NULL, %s, %s)"

cur.execute(str % ('admin', 'password'))
我犯了这样一个错误:

> Traceback (most recent call last):   File
> "C:\Users\Emil\Desktop\flaskr\flaskr.py", line 29, in <module>
>     cur.execute(str % ('admin', 'password'))   File "C:\Python27\lib\site-packages\MySQLdb\cursors.py", line 202, in
> execute
>     self.errorhandler(self, exc, value)   File "C:\Python27\lib\site-packages\MySQLdb\connections.py", line 36, in
> defa lterrorhandler
>     raise errorclass, errorvalue
> _mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL synta ; check the manual that corresponds to your MySQL server
> version for the right yntax to use near ''id', 'username', 'password')
> VALUES (NULL, admin, password)  at line 1")

>回溯(最近一次调用上次):文件
>“C:\Users\Emil\Desktop\flaskr\flaskr.py”,第29行,在
>cur.execute(str%('admin','password'))文件“C:\Python27\lib\site packages\MySQLdb\cursors.py”,第202行,在
>执行
>errorhandler(self,exc,value)文件“C:\Python27\lib\site packages\MySQLdb\connections.py”,第36行,在
>德法尔特罗汉德勒酒店
>提高errorclass,errorvalue
>\u mysql\u exceptions.ProgrammingError:(1064,“您的SQL语法中有错误;请检查与您的mysql服务器对应的手册
>在“id”、“用户名”、“密码”附近使用的yntax权限的版本)
>第1行的值(NULL、admin、password)
我想我的INSERT命令有问题。我不知道该怎么做,并且已经尝试在谷歌上搜索可能有帮助的内容。

以下是使用当前解决方案得到的查询结果:

INSERT INTO users ('id', 'username', 'password') VALUES (NULL, admin, password)
如您所见,
admin
password
周围没有引号-这就是
编程错误
异常的原因

除此之外,通过字符串格式插入查询参数会使代码容易受到SQL注入的攻击

相反,参数化查询

query = """
    INSERT INTO 
        users 
        ('id', 'username', 'password') 
    VALUES 
        (NULL, %s, %s)
"""

cur.execute(query, ('admin', 'password'))