Python MySQLdb在哪里像SQL [英] Python MySQLdb WHERE SQL LIKE
本文介绍了Python MySQLdb在哪里像SQL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我最近开始学习用于网络目的的Python和MySQL,但遇到了以下问题:
I have recently started to learn Python and MySQL for web purposes and I have run into a following problem :
我想从mysql数据库中提取一条记录,其中包含我在param部分中输入的任何文本,但是在进行查询时我遇到了以下问题:
I want to pull out from a mysql database one record that contains any text that I enter in param section, howerver I am running into following problem when making a query:
traceback (most recent call last):
File "/Users/Strielok/Desktop/test.py", line 13, in <module>
c.execute("SELECT * FROM data WHERE params LIKE ('%s%') LIMIT 1" % (param))
TypeError: not enough arguments for format string
这是我的代码:
import MySQLdb
db = MySQLdb.connect (host = "localhost",
user = "root",
passwd = "root",
db = "test")
param = "Test"
par = param
c = db.cursor()
c.execute("SELECT * FROM data WHERE params LIKE ('%s%') LIMIT 1" % (param))
data = c.fetchall()
print data
c.close()
提前谢谢.
推荐答案
将数据直接插入SQL字符串不是最佳方法,因为它很容易SQL注入.您应该将其更改为:
Directly inserting the data into the SQL string is not the best way to do this, as it is prone to SQL injection. You should change it to this:
c.execute("SELECT * FROM data WHERE params LIKE %s LIMIT 1", ("%" + param + "%",))
这篇关于Python MySQLdb在哪里像SQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文