Python MYSQL 更新语句 [英] Python MYSQL update statement

问题描述

我正在尝试使这个 Python MYSQL 更新语句正确(带变量):

I'm trying to get this Python MYSQL update statement correct(With Variables):

cursor.execute ("UPDATE tblTableName SET Year=%s" % Year ", Month=%s" % Month ", Day=%s" % Day ", Hour=%s" % Hour ", Minute=%s" Minute "WHERE Server=%s " % ServerID)   

有什么想法我哪里出错了吗?

Any ideas where I'm going wrong?

推荐答案

应该是:

cursor.execute ("""
   UPDATE tblTableName
   SET Year=%s, Month=%s, Day=%s, Hour=%s, Minute=%s
   WHERE Server=%s
""", (Year, Month, Day, Hour, Minute, ServerID))

您可以也通过基本的字符串操作来实现，

You can also do it with basic string manipulation,

cursor.execute ("UPDATE tblTableName SET Year=%s, Month=%s, Day=%s, Hour=%s, Minute=%s WHERE Server='%s' " % (Year, Month, Day, Hour, Minute, ServerID))

但是这种方式是不鼓励的，因为它会让您对 SQL 注入持开放态度.因为以正确的方式^tm来做这件事很容易(和类似).正确地做.

but this way is discouraged because it leaves you open for SQL Injection. As it's so easy (and similar) to do it the right way^tm. Do it correctly.

唯一需要注意的是，某些数据库后端不遵循相同的字符串替换约定(想到 SQLite).

The only thing you should be careful, is that some database backends don't follow the same convention for string replacement (SQLite comes to mind).

这篇关于Python MYSQL 更新语句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！