类型错误:强制转换为 Unicode:需要字符串或缓冲区，找到 NoneType [英] TypeError: coercing to Unicode: need string or buffer, NoneType found

问题描述

我正在尝试从 python 脚本创建一个 SQL 字符串.

I am trying to create a SQL string from a python script.

这是代码:

sql_query = ('insert into ithelpdesk ' 
        '(id,display_id,subject,description,priority,status,requester_name,source,responder_id,due_by,updated_at,frDueBy,ticket_type,created_at)'
        ' values ('
        '"' + str(data['id']) + '",'
        '"' + str(data['display_id']) + '",'
        '"' + data['subject'] + '",'
        '"' + data['description'] + '",'
        '"' + str(data['priority']) + '",'
        '"' + str(data['status']) + '",'
        '"' + data['requester_name'] + '",'
        '"' + str(data['source']) + '",'
        '"' + str(data['responder_id']) + '",'
        '"' + str(data['due_by']) + '",'
        '"' + str(data['updated_at']) + '",'
        '"' + str(data['frDueBy']) + '",'
        '"' + data['ticket_type'] + '",'
        '"' + str(data['created_at']) + '"'
        ')')

当我运行时，我收到此回溯消息:

when I run I am getting this traceback message:

Traceback (most recent call last):
 File "c:\users\swatson\dropbox\source files\winpython\dash\newTickets.py", line 198, in <module>
main()
 File "c:\users\swatson\dropbox\source files\winpython\dash\newTickets.py", line 159, in main
addNew(n)
File "c:\users\swatson\dropbox\source files\winpython\dash\newTickets.py", line 65, in addNew
'"' + str(data['created_at']) + '"'
TypeError: coercing to Unicode: need string or buffer, NoneType found

现在我知道一个事实(通过执行 printstr(data['created_at']))在 data['created_at'] 处有一个值，而且我也知道这与 data['updated_at'] 所以我不知道如何解决这个问题?

Now I know for a fact (by doing a printstr(data['created_at'])) that there is a value at data['created_at'], and I also know that is is the same value as with data['updated_at'] so I am at a loss as to how to resolve this?

推荐答案

这里的基本错误是尝试将查询构建为一个字符串.不要那样做.这样 SQL 注入漏洞就会撒谎.

Your fundamental mistake here is to try and build a query as one string. Don't do that. That way SQL injection vulnerabilities lie.

改用 SQL 参数:

sql_query = ('insert into ithelpdesk ' 
        '(id,display_id,subject,description,priority,status,requester_name,source,responder_id,due_by,updated_at,frDueBy,ticket_type,created_at)'
        ' values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
    (data['id'], data['display_id'], data['subject'], data['description'],
     data['priority'], data['status'], data['requester_name'], data['source'], 
     data['responder_id'], data['due_by'], data['updated_at'], data['frDueBy'],
     data['ticket_type'], data['created_at']))

确切的语法取决于您的数据库适配器；可能是您需要使用 %s.许多数据库适配器还支持 named 参数，在这种情况下，您甚至不需要传入 15 个单独的值.您只需在查询中命名要从字典中提取的键:

The exact syntax depends on your database adapter; it could be you need to use %s. Many database adapters also support named parameters, in which case you don't even need to pass in 15 separate values. You just name the keys to extract from the dictionary, in the query:

sql_query = ('insert into ithelpdesk ' 
        '(id,display_id,subject,description,priority,status,requester_name,source,responder_id,due_by,updated_at,frDueBy,ticket_type,created_at)'
        ' values (:id, :display_id, :subject, :description, '
        '         :priority, :status, :requester_name, :source '
        '         :responder_id, :due_by, :updated_at, :frDueBy, '
        '         :ticket_type, :created_at)',
    data)

Python DB API 标准支持几种不同的参数样式.对于位置参数，可以使用 ? 或 %s，对于命名的，:name 或 %(name)s.sqlite3 使用第一种样式，MySQLDB 后者.

The Python DB API standard supports a few different parameter styles. For positional parameters ? or %s can be used, for named, :name or %(name)s. sqlite3 uses the first styles, MySQLDB the latter.

抛出异常，您将 unicode 数据与字符串数据连接起来，并且在某处有一个 None.也许 data['ticket_type'] 是 None.

The exception is thrown you are concatenating unicode data with string data, and there is a None in there somewhere. Perhaps data['ticket_type'] is None.

这篇关于类型错误:强制转换为 Unicode:需要字符串或缓冲区，找到 NoneType的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！