警告:您的SQL语法有错误; 查看与您的MySQL服务器版本对应的手册,以便在附近使用正确的语法
[英]Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
问题描述
i'm coding parser xml to mysql 
我正在将解析器xml编码为mysql
the full name of error: 错误的全名:
1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHA3871376-ABZ-1', '\xd0\x91\xd1\x80\xd0\xbe\xd0\xbd\xd0\xb7\xd0\xbe\xd0\xb2\xd0\xbe\xd0\xb5 \xd0\xbc\xd0\xb5\xd1\x82\xd0\xb0\xd0\xbb\xd0\xbb\xd0\xb8\xd1\x87\xd0\xb5\xd1\x81\xd0\xba\xd0\xbe\xd0\xb5 \xd0\xba\xd0\xbe\xd0\xbb\xd1\x8c\xd1\x86\xd0\xbe ' at line 1")
i have xml file 我有xml文件
<model>CHA3871376-ABZ-3</model>
i think trouble is coding but i'm trying 我认为麻烦是编码,但我正在努力
offer_model = item.getElementsByTagName("model")[0].firstChild.nodeValue.decode('utf-8')
sqlfillOffers = "INSERT INTO offers (offer_id, url, price, currency_id, typePrefix, vendor, model, description) VALUES ('"+str(offer_id) + "', '" + str(offer_url) + "', '" + str(offer_price) + "', '" + str(offer_CurrId) + "', '"+str(offer_typePrefix)+"', '"+str(offer_vendor)+"', '"+str(offer_model)+"', '"+str(offer_description)+"');"
What's wrong? 怎么了?
1 个解决方案
解决方案1
2 已采纳 2013-10-13 08:48:25
Do not use string interpolation to build your SQL; 不要使用字符串插值来构建SQL; you'll introduce errors and open yourself up for SQL injection attacks. 你会引入错误并打开自己的SQL注入攻击。
Use SQL parameters instead and let the database adapter take care of escaping the values for you: 请改用SQL参数,让数据库适配器负责为您转义值:
sqlfillOffers = (
"INSERT INTO offers (offer_id, url, price, currency_id, typePrefix, vendor, model, description) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, )"
)
cursor.execute(
sqlfilOffers,
(offer_id, offer_url, offer_price, offer_CurrId, offer_typePrefix, offer_vendor, offer_model, offer_description)
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
您的 SQL 语法有错误; 检查与您的 MySQL 服务器版本相对应的手册,以获取在 ') 附近使用的正确语法 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')
“你的SQL语法有错误; 查看与您的MySQL服务器版本对应的手册,以便在''第1行'附近使用正确的语法 - “You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1”
您的 SQL 语法有错误; 检查与您的 MySQL 服务器版本相对应的手册,以获取在 \'keyword")\' 附近使用的正确语法 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'keyword")\'
您的 SQL 语法有错误; 检查与您的 MySQL 服务器版本相对应的手册,以获取在 '*) 附近使用的正确语法 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '*)
您的SQL语法有错误; 检查与您的MariaDB服务器版本对应的手册,以便在第1行附近使用正确的语法, - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near at line 1",
1064(42000):您的 SQL 语法有错误; 检查与您的 MySQL 服务器版本相对应的手册,以获取正确的语法使用 - 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use
修复“查看与您的 MySQL 服务器版本相对应的手册,以获取在 '%s 附近使用的正确语法” - FIX “Check the manual that corresponds to your MySQL server version for the right syntax to use near '%s”
_mysql_exceptions错误(1064,“检查与MySQL服务器版本对应的手册,以便在'default'附近使用正确的语法)VALUES - _mysql_exceptions error(1064, "check the manual that corresponds to your MySQL server version for the right syntax to use near 'default) VALUES
您的 SQL 语法有错误; 检查与您的 MySQL 服务器 PYTHON 相对应的手册 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server PYTHON
42000您的SQL语法错误; 检查与您的MySQL服务器相对应的手册 - 42000 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server
相关标签