堆栈内存溢出
  简体   繁体   English

在Python中使用“”执行SQL

[英]Executing SQL with “ ” from Python

 原文  2013-12-10 10:32:07       python/ sql/ ms-access

问题描述

I have trouble executing a SQL-statement from Python because of the " " in the selection. 由于选择中的“”,我无法从Python执行SQL语句。 I think I've tried every combination, but can't figure it out. 我想我已经尝试了每种组合,但无法弄清楚。 Can you please help me? 你能帮我么? 

cnxn = pyodbc.connect("DRIVER={Microsoft Access Driver (*.mdb)};DBQ=c:\\python33\salesdb.mdb")
cursor = cnxn.cursor()
v_sql = "SELECT DISTINCT tblSeller.ID, tblSeller.Navn FROM tblResult INNER JOIN tblSeller ON tblResult.SellerID = tblSeller.ID WHERE (((tblSeller.Name)="Robert Smith" ))"
cursor.execute(v_sql)

The problem is the " around Robert Smith in the SQL. 问题在于SQL中的Robert Smith。

3 个解决方案

解决方案1
 2 已采纳  2013-12-10 10:33:12

You would escape the quotes or use a different quoting style. 您将转义引号或使用其他引号样式。 Single quotes would do here, for example. 例如,单引号将在此处执行。

Using single quotes: 使用单引号: 

v_sql = 'SELECT DISTINCT tblSeller.ID, tblSeller.Navn FROM tblResult INNER JOIN tblSeller ON tblResult.SellerID = tblSeller.ID WHERE (((tblSeller.Name)="Robert Smith" ))'

Using escaping: 使用转义: 

v_sql = "SELECT DISTINCT tblSeller.ID, tblSeller.Navn FROM tblResult INNER JOIN tblSeller ON tblResult.SellerID = tblSeller.ID WHERE (((tblSeller.Name)=\"Robert Smith\" ))"

or you can use triple quotes (one of ''' or """ ); these allow for easy multi-line strings as newlines are allowed and included in the final string value: 或者,您可以使用三重引号( '''""" );由于允许使用换行符并将其包含在最终的字符串值中,因此这些引号允许使用简单的多行字符串: 

v_sql = """
SELECT DISTINCT tblSeller.ID, tblSeller.Navn 
FROM tblResult INNER JOIN tblSeller ON tblResult.SellerID = tblSeller.ID
WHERE (((tblSeller.Name)=\"Robert Smith\" ))
"""

解决方案2
 2  2013-12-10 10:33:30

Try mixing with single quotes: 尝试混合使用单引号: 

v_sql = "SELECT DISTINCT tblSeller.ID, tblSeller.Navn FROM tblResult INNER JOIN tblSeller ON tblResult.SellerID = tblSeller.ID WHERE (((tblSeller.Name)='Robert Smith' ))"

or 要么 

v_sql = 'SELECT DISTINCT tblSeller.ID, tblSeller.Navn FROM tblResult INNER JOIN tblSeller ON tblResult.SellerID = tblSeller.ID WHERE (((tblSeller.Name)="Robert Smith" ))'

In python strings can either be quoted with a doublequote " or a singlequote ' . This is very usefull in these cases. 在python中,字符串可以用双引号"或单引号"引起' ,这在这些情况下非常有用。

解决方案3
 2  2013-12-10 10:48:54

In Python you can create string using ' or " as other says. 在Python中,你可以使用创建的字符串'"其他说。

But in this case I would like to propose using PreparedStatement instead of simple query. 但是在这种情况下,我想建议使用PreparedStatement而不是简单查询。 Such PreparedStatement uses ? 这样的PreparedStatement用途是? in place of arguments and arguments are simply array: 代替参数,参数只是数组: 

v_sql = "SELECT DISTINCT tblSeller.ID, tblSeller.Navn FROM tblResult INNER JOIN tblSeller ON tblResult.SellerID = tblSeller.ID WHERE (((tblSeller.Name)=?))"
rs = c.execute(v_sql, ["Robert Smith", ])

PreparedStatements have many advantages: they are simpler to database engines to parse, and cache query plans, they are SQLInjection attacks safe etc. PreparedStatement具有许多优点:数据库引擎可以更轻松地解析它们并缓存查询计划,它们可以安全地进行SQLInjection攻击。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Mysql,python,SQL没有执行 - Mysql, python, SQL not executing 从SQL Server执行Python脚本时,用户登录失败 - Login failed for user while executing Python script from SQL Server 使用sys.odcinumberlist作为参数从python执行PL / SQL过程 - Executing PL/SQL procedure from python with sys.odcinumberlist as parameter 在 Python 中执行 SQL Server 查询 - Executing SQL Server Query in Python python sqlalchemy不执行sql查询 - python sqlalchemy not executing sql query 从Python执行VBAscript - Executing VBAscript from Python 从 Python 执行 Javascript - Executing Javascript from Python 从 python 执行子进程 - executing a subprocess from python 从python执行wget - Executing wget from python 从Python执行ffmpeg - Executing ffmpeg from Python
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM