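How to fix parameterized SQL in Python adding extra apostrophes
I'm having a problem with an extra apostrophe being inserted in a parameterized psycopg2 / Flask / Postgres query, and I want to know how to stop it. I have read every post here that seemed like it might answer my question, but found nothing, so here I am! Thanks for any help you can provide!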
psycopg2.errors.SyntaxError: Syntax error at or near ")"
LINE 1: ...R t_name LIKE 'rock' OR t_description LIKE 'rock')) LIMIT 20
Debug output
root:getItems: q = SELECT id,t_part_no,id_category,id_user_modified,id_parent,d_modified,t_name,t_description,t_addr_pdf,t_addr_image,t_addr_site FROM tbl_items WHERE ( b_enabled = %(t_Item_Enabled)s ) AND (%(t_Item_Search)s)) LIMIT %(t_Item_NumShow)s
root:getItems: t_Item_Search = t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'
Relevant code
t_Item_Search = request.form['Box_Search_String']
t_Item_Where = ""
t_Item_Where += "t_part_no LIKE '" + t_Item_Search + "'"
t_Item_Where += " OR t_name LIKE '" + t_Item_Search + "'"
t_Item_Where += " OR t_description LIKE '" + t_Item_Search + "'"
t_Item_Search = t_Item_Where
...
q += " FROM tbl_items "
q += " WHERE "
q += "("
q += " b_enabled = %(t_Item_Enabled)s"
if t_Item_Search != '':
    q += " ) AND ("
    q += "%(t_Item_Search)s"
    q += ")"
q += ")"
if t_Item_OrderBy != '':
    q += " ORDER BY "
    q += "%(t_Item_OrderBy)s "
    q += "%(t_Item_updown)s"
q += " LIMIT %(t_Item_NumShow)s"
logging.debug("getItems: q = " + q)
logging.debug("getItems: t_Item_Search = " + t_Item_Search)
vars = {
    "t_Item_Enabled": (t_Item_Enabled == 'True'),
    "t_Item_Search": AsIs(t_Item_Search),
    "t_Item_OrderBy": t_Item_OrderBy,
    "t_Item_updown": t_Item_updown,
    "t_Item_NumShow": int(t_Item_NumShow)
}
db_cursor.execute(q, vars)
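Solution
Use AsIs so that t_Item_Search is used as a SQL representation rather than as a string.
You may want to use a multi-line string (with triple quotes), which makes it easier to write longer/more complex SQL statements: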
from psycopg2.extensions import AsIs
...
cur = conn.cursor()
values = {
    "t_Item_Enabled": True,
    "t_Item_Search": AsIs(" AND t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'"),
    "t_Item_OrderBy": "",
    "t_Item_UpDown": "",
    "t_Item_NumShow": 20
}
sql = """
SELECT
foo,bar,baz
FROM
some_table
WHERE
(
b_enabled = %(t_Item_Enabled)s
)
%(t_Item_Search)s
ORDER BY
baz
LIMIT
%(t_Item_NumShow)s
"""
print(cur.mogrify(sql,values).decode('utf-8'))
Output:
SELECT
foo,baz
FROM
some_table
WHERE
(
b_enabled = true
)
AND t_part_no LIKE 'rock' OR t_name LIKE 'rock' OR t_description LIKE 'rock'
ORDER BY
baz
LIMIT
20
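Added example, not part of the original question or answer: AsIs writes its text into the statement unquoted, so a WHERE clause concatenated from request.form['Box_Search_String'] lets a quote in the search box change the SQL. The sketch below passes the search term as an ordinary parameter and picks the ORDER BY column from an allowlist; the name build_items_query and the allowlists are assumptions, and the table and column names are taken from the debug output above.

```python
# Added example. Table and column names are taken from the debug output above;
# build_items_query and the allowlists are assumptions made for illustration.
SELECT_COLUMNS = (
    "id", "t_part_no", "id_category", "id_user_modified", "id_parent",
    "d_modified", "t_name", "t_description", "t_addr_pdf", "t_addr_image",
    "t_addr_site",
)
SEARCH_COLUMNS = ("t_part_no", "t_name", "t_description")
SORTABLE = frozenset(SELECT_COLUMNS)  # assumption: any selected column may be sorted on
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_items_query(enabled, search="", order_by="", updown="", num_show=20):
    """Return (sql, params) ready for db_cursor.execute(sql, params)."""
    # Values travel as parameters, so psycopg2 quotes them exactly once.
    params = {"enabled": bool(enabled), "num_show": int(num_show)}
    where = ["b_enabled = %(enabled)s"]

    if search != "":
        # No hand-written quotes around the placeholder: the driver adds them.
        params["pattern"] = search
        likes = " OR ".join(f"{col} LIKE %(pattern)s" for col in SEARCH_COLUMNS)
        where.append(f"({likes})")

    sql = f"SELECT {','.join(SELECT_COLUMNS)} FROM tbl_items"
    sql += " WHERE " + " AND ".join(where)

    if order_by != "":
        # Identifiers and ASC/DESC cannot be bound as values (they would be
        # quoted as strings), so they are picked from fixed allowlists.
        if order_by not in SORTABLE:
            raise ValueError(f"unsupported sort column: {order_by!r}")
        sql += f" ORDER BY {order_by} {DIRECTIONS.get(updown.lower(), 'ASC')}"

    return sql + " LIMIT %(num_show)s", params


if __name__ == "__main__":
    # Constructed input: a search term that contains an apostrophe.
    q, p = build_items_query(True, "rock'n'roll", "t_name", "desc", "20")
    print(q)
    print(p)
```

Pass the returned pair straight to db_cursor.execute(sql, params); the search text then never appears in the SQL string itself.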