MSSQL LIKE and IN statements in ADO problem
Problem description
Hello guys,
I am trying to query the MSSQL DB using ADO.
I am not able to make the LIKE statement fetch the correct results.
Can anyone tell me what I need to do to get this working?
Below is the code snippet:
import win32com.client
const = win32com.client.constants
#conn = establish SQL connection
cmd = win32com.client.Dispatch("ADODB.Command")
cmd.ActiveConnection = conn
name = '@fname'
value = "'raj"
p=cmd.CreateParameter(name, const.adVarchar, Value=value)
cmd.Parameters.Append(p)
cmd.CommandText = \
    "SELECT * FROM tb_name WHERE firstname LIKE @fname"
cmd.CommandType = const.adCmdText
(rs, dummy) = cmd.Execute()
while not rs.EOF:
    print rs.Fields('firstname').Value
    rs.MoveNext()
rs.Close()
I originally was using the '%?%' symbol but that did not work and now,
I changed it to @fname but this returns a traceback telling that I need
to declare @fname.
Also, I have another problem with using the "IN" SQL statement.
I appreciate your help in advance,
Thank you,
Raja Raman
Recommended answer
Can't you get rid of the Create Parameter part and directly pass along
the value you are looking for? Something like...
name = 'raj'
cmd.CommandText= \
    "SELECT * FROM tb_name WHERE firstname LIKE %%%s" % name
This way the value of the name variable gets passed along when the
CommandText method is invoked. BTW, this looks too painfully much like
Visual Basic than Python :-) Just kidding (kind of)
Sorry forgot to explain that with the string substitution stuff you can
escape the percent sign by doubling it up. In my example I wanted to
retain the leading percent sign before the value, in this case I wanted
LIKE %raj to appear. So I doubled it up. That's why there are three
percent signs in a row. The last one is the one associated with the
string substitution for the name variable. Make sense?
gregarican wrote:
Sorry forgot to explain that with the string substitution stuff you can
escape the percent sign by doubling it up. In my example I wanted to
retain the leading percent sign before the value, in this case I wanted
LIKE %raj to appear. So I doubled it up. That's why there are three
percent signs in a row. The last one is the one associated with the
string substitution for the name variable. Make sense?
Now Google for "sql injection vulnerability" and tell us why this is a
bad idea.
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/
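
The difference between the string-substitution query and a bound parameter, shown as an added example that is not part of the original thread. It assumes Python's sqlite3 as an offline stand-in for the MSSQL/ADO connection; the sample rows and the helper names (make_db, like_escape, find_interpolated, find_bound, find_in) are constructed for illustration.

```python
import sqlite3

ROWS = ["raj", "suraj", "rajesh", "steve", "100%_sure"]  # constructed sample data

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tb_name (firstname TEXT)")
    db.executemany("INSERT INTO tb_name VALUES (?)", [(r,) for r in ROWS])
    return db

def like_escape(term, esc="\\"):
    # Escape the escape character first, then the LIKE wildcards.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def find_interpolated(db, name):
    # String substitution as in the answer (quotes added so the SQL parses):
    # the value becomes part of the statement text.
    sql = "SELECT firstname FROM tb_name WHERE firstname LIKE '%%%s'" % name
    return sorted(row[0] for row in db.execute(sql))

def find_bound(db, name):
    # The leading % wildcard goes into the parameter value, never the SQL text.
    sql = "SELECT firstname FROM tb_name WHERE firstname LIKE ? ESCAPE '\\'"
    return sorted(row[0] for row in db.execute(sql, ("%" + like_escape(name),)))

def find_in(db, names):
    # One marker per value; only the number of markers is formatted into the SQL.
    names = list(names)
    if not names:
        return []  # "IN ()" is not valid SQL
    marks = ", ".join("?" * len(names))
    sql = "SELECT firstname FROM tb_name WHERE firstname IN (%s)" % marks
    return sorted(row[0] for row in db.execute(sql, names))

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    print(find_interpolated(db, hostile))  # condition rewritten by the input
    print(find_bound(db, hostile))         # input compared as data only
    print(find_bound(db, "raj"))
    print(find_in(db, ["raj", "steve", hostile]))
```

SQL Server's LIKE also treats `[` as a pattern character, so a like_escape used against MSSQL would need to escape it as well.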