Python MYSQL更新声明 [英] Python MYSQL update statement

问题描述

我正在尝试使此Python MYSQL更新语句正确(带有变量):

I'm trying to get this Python MYSQL update statement correct(With Variables):

cursor.execute ("UPDATE tblTableName SET Year=%s" % Year ", Month=%s" % Month ", Day=%s" % Day ", Hour=%s" % Hour ", Minute=%s" Minute "WHERE Server=%s " % ServerID)   

有什么想法我要去哪里吗?

Any ideas where I'm going wrong?

推荐答案

应该应该:

cursor.execute ("""
   UPDATE tblTableName
   SET Year=%s, Month=%s, Day=%s, Hour=%s, Minute=%s
   WHERE Server=%s
""", (Year, Month, Day, Hour, Minute, ServerID))

您还可以也通过基本的字符串操作来做到这一点，

You can also do it with basic string manipulation,

cursor.execute ("UPDATE tblTableName SET Year=%s, Month=%s, Day=%s, Hour=%s, Minute=%s WHERE Server='%s' " % (Year, Month, Day, Hour, Minute, ServerID))

但 此方法不受欢迎，因为它使您可以进行SQL注入 .由于以正确的方式 ^tm 做到这一点非常容易(且类似).正确地做.

but this way is discouraged because it leaves you open for SQL Injection. As it's so easy (and similar) to do it the right way^tm. Do it correctly.

您唯一需要注意的是，某些数据库后端没有遵循相同的字符串替换约定(想到了SQLite).

The only thing you should be careful, is that some database backends don't follow the same convention for string replacement (SQLite comes to mind).

这篇关于Python MYSQL更新声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！