使用python和postgres,execute函数中的变量? [英] Using python and postgres, variables within execute function?
问题描述
我对访问PostgreSQL服务器的python函数中变量的用法有疑问.例如,以下内容:
I had a question regarding the usage of variables inside a python function which accesses the PostgreSQL server. For example, the following:
def delete():
cur.execute(
"""DELETE FROM potluck
WHERE name = var_1;"""
但是,如果我希望更新函数为var_1接受变量,我该怎么做?
However, If I wanted the update function to take in variables for var_1, how would I do so?
例如,我希望我的函数采用以下形式:
For example, I want my function to be in the form:
def delete(var_1):
cur.execute(
"""DELETE FROM potluck
WHERE name = %s;""", (var_1))
但是,仅仅键入那是行不通的.
However, just typing that didn't work.
此外,在以下情况下如何处理
In addition, how about in the case when:
def delete(name, var_1):
cur.execute(
"""DELETE FROM potluck
WHERE %s = %s;""", (name, var_1))
我不希望将名称"插入字符串时用引号引起来吗?
where I don't want "name" to have quotation marks when it is inserted into the string?
任何帮助将不胜感激!
推荐答案
已解决:
我知道我做错了.我唯一需要做的更改是在var_1之后添加一个逗号,因为: 对于位置变量绑定,即使第二个参数包含一个变量,第二个参数也必须始终是一个序列.请记住,Python需要用逗号来创建单个元素元组."
I see what I was doing wrong. The only change I needed to make was add a comma after var_1, since: "For positional variables binding, the second argument must always be a sequence, even if it contains a single variable. And remember that Python requires a comma to create a single element tuple".
例如:
def delete(var_1):
cur.execute(
"""DELETE FROM potluck
WHERE name = %s;""", (var_1,))
这有效.我从以下位置获得了信息:
This works. I got the info from:
http://initd.org/psycopg/docs/usage.html# sql-injection
在第二种情况下,请参考以下使用AsIs的其他答案.那个有效.例如:
In the second case, then please reference the other answer below, which uses AsIs. That works. For example:
def delete(name, var_1):
cur.execute(
"""DELETE FROM potluck
WHERE %s = %s;""", (AsIs(name), var_1))
就可以了.谢谢!
这篇关于使用python和postgres,execute函数中的变量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!