
Python parameterized SQL adds extra apostrophes

How to fix Python parameterized SQL adding extra apostrophes

Having a problem with an extra apostrophe being inserted into a parameterized psycopg2 / flask / postgres query and wondering how to stop it. Based on my question, I have read all the articles here that seemed to answer it, but none did, and I did not see anything, so here I am! Thanks for any help you can give!

Error message and debug output

Error

psycopg2.errors.SyntaxError: Syntax error at or near ")"
LINE 1: ...R t_name LIKE 'rock' OR t_description LIKE 'rock')) LIMIT 20

Debug

root:getItems: q = SELECT id,t_part_no,id_category,id_user_modified,id_parent,d_modified,t_name,t_description,t_addr_pdf,t_addr_image,t_addr_site FROM tbl_items  WHERE ( b_enabled = %(t_Item_Enabled)s ) AND (%(t_Item_Search)s)) LIMIT %(t_Item_NumShow)s
root:getItems: t_Item_Search = t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'

Relevant code

    t_Item_Search = request.form['Box_Search_String']
    t_Item_Where = ""
    # the search term is concatenated directly into the clause text
    t_Item_Where += "t_part_no LIKE '" + t_Item_Search + "'"
    t_Item_Where += " OR t_name LIKE '" + t_Item_Search + "'"
    t_Item_Where += " OR t_description LIKE '" + t_Item_Search + "'"
    t_Item_Search = t_Item_Where

...

    q += " FROM tbl_items "
    q += " WHERE "
    q += "("
    q += " b_enabled = %(t_Item_Enabled)s"
    if t_Item_Search != '':
        q += " ) AND ("
        q += "%(t_Item_Search)s"
        q += ")"
    q += ")"
    if t_Item_OrderBy != '':
        q += " ORDER BY "
        q += "%(t_Item_OrderBy)s "
        q += "%(t_Item_updown)s"
    q += " LIMIT %(t_Item_NumShow)s"
    logging.debug("getItems: q = " + q)
    logging.debug("getItems: t_Item_Search = " + t_Item_Search)
    vars = {
        "t_Item_Enabled": (t_Item_Enabled == 'True'),
        "t_Item_Search": AsIs(t_Item_Search),   # passed through as raw SQL, not quoted
        "t_Item_OrderBy": t_Item_OrderBy,
        "t_Item_updown": t_Item_updown,
        "t_Item_NumShow": int(t_Item_NumShow),
    }
    db_cursor.execute(q,vars)

Solution

Use AsIs so that t_Item_Search is used as an SQL representation rather than a string.
You may want to use a multi-line string (triple quotes), which makes writing longer/more complex SQL statements much easier:

from psycopg2.extensions import AsIs
...
cur = conn.cursor()
values = {
    "t_Item_Enabled": True,
    "t_Item_Search": AsIs(" AND t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'"),
    "t_Item_OrderBy": "",
    "t_Item_UpDown": "",
    "t_Item_NumShow": 20,
}

sql = """
    SELECT
        foo,bar,baz
    FROM
        some_table
    WHERE
        (
        b_enabled = %(t_Item_Enabled)s
        )
        %(t_Item_Search)s
    ORDER BY
        baz
    LIMIT
        %(t_Item_NumShow)s
"""
print(cur.mogrify(sql,values).decode('utf-8'))

Output:

SELECT
    foo,bar,baz
FROM
    some_table
WHERE
    (
    b_enabled = true
    )
    AND t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'
ORDER BY
    baz
LIMIT
    20
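As an added example (not code from the question or the answer above), the builder below keeps the user's search term a bound parameter instead of splicing it into the statement with AsIs, which is what lets a term containing an apostrophe (O'Reilly) be escaped by the driver rather than break the SQL; the tbl_items column names come from the post, while the ORDER_COLUMNS whitelist and the render() stand-in for cursor.mogrify() are assumptions made for this demo.

```python
import re

# Columns the post's query searches; ORDER_COLUMNS is an assumed whitelist of sortable columns.
SEARCH_COLUMNS = ("t_part_no", "t_name", "t_description")
ORDER_COLUMNS = {"id", "t_part_no", "t_name", "d_modified"}
IDENT_RE = re.compile(r"^[a-z_][a-z0-9_]*$")


def build_items_query(search, enabled, num_show, order_by="", descending=False):
    """Return (sql, params) for psycopg2's cursor.execute(sql, params).

    User-supplied values stay in params, where the driver quotes them.  An ORDER BY
    column cannot be a bound parameter (it would be quoted as a string literal), so it
    is checked against the whitelist before being spliced into the text.
    """
    sql = ("SELECT id, t_part_no, t_name, t_description FROM tbl_items"
           " WHERE (b_enabled = %(enabled)s)")
    params = {"enabled": bool(enabled), "num_show": int(num_show)}
    if search:
        # One placeholder per column, all bound to the same value; an apostrophe
        # in the term is escaped by the driver instead of terminating the literal.
        clause = " OR ".join(f"{col} LIKE %(search)s" for col in SEARCH_COLUMNS)
        sql += f" AND ({clause})"
        params["search"] = search
    if order_by:
        if order_by not in ORDER_COLUMNS or not IDENT_RE.match(order_by):
            raise ValueError(f"unsupported ORDER BY column: {order_by!r}")
        sql += f" ORDER BY {order_by} {'DESC' if descending else 'ASC'}"
    sql += " LIMIT %(num_show)s"
    return sql, params


def render(sql, params):
    """Offline stand-in for cursor.mogrify(): quotes str, bool and int the way
    psycopg2 does, so the final statement can be inspected without a database."""
    def quote(value):
        if isinstance(value, bool):
            return "true" if value else "false"
        if isinstance(value, int):
            return str(value)
        return "'" + str(value).replace("'", "''") + "'"
    return sql % {name: quote(value) for name, value in params.items()}


def concatenated_fragment(search):
    """The post's original approach: the term is pasted into the SQL text, so a
    term containing an apostrophe leaves the quotes unbalanced."""
    return " OR ".join(f"{col} LIKE '{search}'" for col in SEARCH_COLUMNS)
```

Wildcards belong in the value (params["search"] = "%rock%"), not in the SQL text, so a literal % in the term needs no doubling.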
