如何在 python 中使用 SQL 参数? [英] How do I use SQL parameters with python?

问题描述

我使用的是 python 2.7 和 pymssql 1.9.908.

I am using python 2.7 and pymssql 1.9.908.

在 .net 中查询数据库我会做这样的事情:

In .net to query the database I would do something like this:

using (SqlCommand com = new SqlCommand("select * from Customer where CustomerId = @CustomerId", connection))
{
    com.Parameters.AddWithValue("@CustomerID", CustomerID);
    //Do something with the command
}

我想弄清楚 python 的等价物是什么，尤其是 pymssql.我意识到我可以只进行字符串格式化，但是这似乎不像参数那样正确处理转义(我可能错了).

I am trying to figure out what the equivalent is for python and more particularly pymssql. I realize that I could just do string formatting, however that doesn't seem handle escaping properly like a parameter does (I could be wrong on that).

我如何在 python 中执行此操作?

How do I do this in python?

推荐答案

创建连接对象后db:

cursor = db.execute('SELECT * FROM Customer WHERE CustomerID = %s', [customer_id])

然后使用结果 cursor 对象的任何 fetch... 方法.

then use any of the fetch... methods of the resulting cursor object.

不要被 %s 部分所迷惑:这不是字符串格式化，而是参数替换(不同的 DB API 模块使用不同的语法进行参数替换——pymssql 恰好使用了不幸的%s!-).

Don't be fooled by the %s part: this is NOT string formatting, it's parameter substitution (different DB API modules use different syntax for parameter substitution -- pymssql just happens to use the unfortunate %s!-).

这篇关于如何在 python 中使用 SQL 参数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！