Python-MySQL:在运行db.execute(str，vars)时，删除查询中变量值的单引号 [英] Python-MySQL : removing single quotes around variable values in query while running db.execute(str, vars)

问题描述

我正在运行这段代码

    def details(self, dbsettings, payload):
        res = None
        with UseDatabase(dbsettings) as db:
            sql = "select * from %(tablename)s where userid = %(userid)s"
            result = db.run_query_vals(sql, payload)
            res = result.fetchall()
        return res

但出现错误

SQLError:1064(42000):您的SQL语法有错误；检查与您的MariaDB服务器版本相对应的手册以获取正确的语法，以便在"statuser"(第1行的userid ='14')附近使用

SQLError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''statuser' where userid = '14'' at line 1

要传递的参数是:

sql = "select * from %(tablename)s where userid = %(userid)s"
payload = {'tablename' : 'statuser', 'userid' : 14}

据我了解，传递给MySQL的查询大致是

As far as I understand, the query being passed to MySQL is along the lines of

从'statuser'中选择*，其中userid ='14'

select * from 'statuser' where userid = '14'

这是我得到错误的地方；表名不应该用引号引起来.如何包含不带引号的名称/使它们成为反引号?

which is where I get the error; the tablename isnt supposed to be enclosed in quotes. How do I have the name included without the quotes/make them backquotes?

(我不想对表名进行硬编码-这是一个变量，并且在类创建期间根据不同的参数进行了初始化).这里有帮助吗?

(I don't want to hard-code the table name - this is a variable and is initialised according to different parameters during class creation). Any help here?

推荐答案

您可以在python中的字符串中使用.format():

You can use the .format() from string in python:

def details(self, dbsettings, payload):
    res = None
    with UseDatabase(dbsettings) as db:
        sql = "select * from {tablename} where userid = {userid}"
        sql = sql.format(**payload)
        # result = db.run_query_vals(sql, payload) # Method to run query
        res = result.fetchall()
    return res

这篇关于Python-MySQL:在运行db.execute(str，vars)时，删除查询中变量值的单引号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！