What is the best escape character strategy for Python/MySQL combo?
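import MySQLdb
# Escape the column name, then substitute it into the query text.
column = str(MySQLdb.escape_string(row[1]))
# "%%s" survives the string formatting as "%s", the placeholder the driver fills in.
query = "update myTable set %(column)s = %%s where ID = %%s" % dict(column = column)
# The values are passed separately, so the driver quotes them.
cursor2.execute(query, [row[3], row[0]])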
- row[1] is the column name
- row[3] is the data to insert
- row[0] is the value that the WHERE condition is matched against
Compare it with the original SQL and it becomes clear:
cursor2.execute("update myTable set `"+ str(row[1]) +"` = \"'" + str(row[3]) +"'\" where ID = '"+str(row[0])+"'")
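As an added example (not code from the original post): escape_string is meant for string literals, so a column name taken from data is safer when checked against a fixed list before it goes into the query text. The allowlist contents, the helper names and the sample rows below are assumptions constructed for illustration; the rows follow the post's layout (row[0] = ID, row[1] = column name, row[3] = value).

```python
# Assumption: the columns this application is allowed to update.
ALLOWED_COLUMNS = frozenset({"name", "email", "status"})

# Constructed sample rows: (ID, column name, unused, new value).
SAMPLE_ROWS = [
    (7, "email", None, "a@example.com"),
    (8, "name", None, "O'Brien"),
    (9, "name` = 'x', `email", None, "ignored"),  # not a real column name
]


def quote_identifier(name):
    """Backtick-quote a MySQL identifier, doubling any embedded backtick."""
    return "`" + name.replace("`", "``") + "`"


def build_update(row, table="myTable", allowed=ALLOWED_COLUMNS):
    """Return (query, params) for one row; raise ValueError on an unknown column."""
    column = row[1]
    if column not in allowed:
        raise ValueError("column not allowed: %r" % (column,))
    # Only the vetted identifiers are formatted in; "%%s" becomes "%s" for the driver.
    query = "UPDATE %s SET %s = %%s WHERE ID = %%s" % (
        quote_identifier(table), quote_identifier(column))
    return query, [row[3], row[0]]


def plan_updates(rows):
    """Split rows into executable (query, params) pairs and rejected rows."""
    statements, rejected = [], []
    for row in rows:
        try:
            statements.append(build_update(row))
        except ValueError:
            rejected.append(row)
    return statements, rejected


if __name__ == "__main__":
    statements, rejected = plan_updates(SAMPLE_ROWS)
    for query, params in statements:
        print(query, params)  # with a live connection: cursor2.execute(query, params)
    print("rejected:", rejected)
```

The value `O'Brien` needs no manual escaping because it travels in the parameter list, not in the query text.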