cursor.execute("INSERT INTO im_entry.test ("+entrym+") VALUES ('"+p+"');")


Problem description

   entrym='entry'
   entrym=entrym+ str(idx)

   cursor.execute("INSERT INTO im_entry.test ("+entrym+") VALUES ('"+p+"');")

I am using a query like this, where entry1, entry2, etc. are my database tables. The program doesn't show any errors, but the p value is not getting inserted into the db. What is wrong? Please help me.

Recommended answer

By default, psycopg2 starts transactions for you automatically, which means that you have to tell it to commit. Note that commit is a method of the connection, not the cursor.

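import psycopg2

# connect() is the function that returns a connection; '...' stands for the DSN
conn = psycopg2.connect('...')
cur = conn.cursor()
cur.execute("...")
# commit on the connection, not the cursor
conn.commit()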

The intent is that you can group multiple statements together in a single transaction, so other queries won't see half-made changes, but also for performance reasons.

Also note that you should always use placeholders, instead of concatenating strings together. E.g.:

cur.execute("INSERT INTO im_entry.test (colname) VALUES (%s)", [p])

Otherwise you risk SQL injection attacks.
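The two points of the answer combined, as an added example that is not part of the original answer. It goes one step further and handles the question's dynamic column name: placeholders bind values only, so the identifier is checked against an allowlist (with psycopg2, `psycopg2.sql.Identifier` composes identifiers safely). Assumptions: the standard-library `sqlite3` module stands in for psycopg2 so the code runs without a server, and the three-column `test` table and the function names are hypothetical.

```python
import os
import sqlite3
import tempfile
from contextlib import closing

# Assumed schema: the question's entry1, entry2, ... columns (three for the demo).
ALLOWED_COLUMNS = {"entry1", "entry2", "entry3"}


def insert_entry(conn, idx, p):
    """Insert p into column entry<idx> without concatenating untrusted text."""
    column = "entry" + str(idx)
    # Placeholders bind values only, so the column name is checked against an allowlist.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column: %r" % column)
    # sqlite3 uses "?" where psycopg2 uses "%s"; p is passed as data, never as SQL text.
    conn.execute('INSERT INTO test ("%s") VALUES (?)' % column, (p,))


def rows_seen_elsewhere(path):
    """Read the table through a separate connection, as another client would."""
    with closing(sqlite3.connect(path)) as other:
        return other.execute("SELECT entry1, entry2, entry3 FROM test").fetchall()


def demo():
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    hostile = "x'); DROP TABLE test; --"  # constructed sample value
    with closing(sqlite3.connect(path)) as conn:
        conn.execute("CREATE TABLE test (entry1 TEXT, entry2 TEXT, entry3 TEXT)")
        conn.commit()
        insert_entry(conn, 2, hostile)
        before = rows_seen_elsewhere(path)  # transaction still open: nothing visible
        conn.commit()                       # commit on the connection, not the cursor
        after = rows_seen_elsewhere(path)
        try:
            insert_entry(conn, "1) VALUES ('x'); --", "y")  # constructed bad index
            rejected = False
        except ValueError:
            rejected = True
    return before, after, rejected


if __name__ == "__main__":
    print(demo())
```

The row is invisible to the second connection until `commit()` runs, which matches the symptom in the question, and the quote-laden value is stored as plain text in `entry2`.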
