Python MYSQL 更新语句
我正在尝试使这个 Python MYSQL 更新语句正确(带变量):
I'm trying to get this Python MYSQL update statement correct(With Variables):
cursor.execute ("UPDATE tblTableName SET Year=%s" % Year ", Month=%s" % Month ", Day=%s" % Day ", Hour=%s" % Hour ", Minute=%s" Minute "WHERE Server=%s " % ServerID)
有什么想法我哪里出错了吗?
Any ideas where I'm going wrong?
推荐答案
应该是:
cursor.execute ("""
UPDATE tblTableName
SET Year=%s, Month=%s, Day=%s, Hour=%s, Minute=%s
WHERE Server=%s
""", (Year, Month, Day, Hour, Minute, ServerID))
您可以也通过基本的字符串操作来实现,
You can also do it with basic string manipulation,
cursor.execute ("UPDATE tblTableName SET Year=%s, Month=%s, Day=%s, Hour=%s, Minute=%s WHERE Server='%s' " % (Year, Month, Day, Hour, Minute, ServerID))
但是这种方式是不鼓励的,因为它会让您对 SQL 注入持开放态度.因为以正确的方式tm来做这件事很容易(和类似).正确地做.
but this way is discouraged because it leaves you open for SQL Injection. As it's so easy (and similar) to do it the right waytm. Do it correctly.
唯一需要注意的是,某些数据库后端不遵循相同的字符串替换约定(想到 SQLite).
The only thing you should be careful, is that some database backends don't follow the same convention for string replacement (SQLite comes to mind).
相关文章