Python,当我输入变量的实际值时,MySQL语句有效,但使用变量时却无效?
[英]Python, A MySQL statement works when I put in actual value of variable, but not when using variable?
问题描述
Have the following code, it is part of a script used to read stdin, and process logs. 
具有以下代码,它是用于读取stdin和处理日志的脚本的一部分。
jobId = loglist[19]
deliveryCount += 1
dbcur.execute('UPDATE campaign_stat_delivered SET pmta_delivered = pmta_delivered + %s WHERE id = %s') % (deliveryCount,jobId)
dbcon.commit()
dbcon.close()
I can run the following: 我可以运行以下命令:
dbcur.execute('UPDATE campaign_stat_delivered SET pmta_delivered = pmta_delivered + 1 WHERE id=1')
dbcon.commit()
dbcon.close()
and it will work. 它会工作。 Not really sure whats going on, and its hard for me to test quickly because I can't actually see the script running since my program feeds directly into it. 我不太确定发生了什么,而且我很难快速测试,因为我的程序直接将脚本输入其中,因此我实际上看不到脚本在运行。 I have to make changes, restart program that feeds, send an email, then check database. 我必须进行更改,重新启动供稿的程序,发送电子邮件,然后检查数据库。 Have other scripts, and am able to use variables in SQL statements with no problem. 拥有其他脚本,并且能够毫无问题地在SQL语句中使用变量。
Any suggestions as to what may be going on? 关于可能发生的事情有什么建议吗? And, any suggestions on how I can test quicker? 而且,关于如何更快进行测试的任何建议?
full code: 完整代码:
import os
import sys
import time
import MySQLdb
import csv
if __name__=="__main__":
dbcon = MySQLdb.connect(host="tattoine.mktrn.net", port=3306, user="adki", passwd="pKhL9vrMN8BsFrJ5", db="adki")
dbcur = dbcon.cursor()
#type, timeLogged,timeQueued,orig,rcpt,orcpt,dsnAction,dsnStatus,dsnDiag,dsnMta,bounceCat,srcType,srcMta,dlvType,dlvSourceIp,dlvDestinationIp,dlvEsmtpAvailable,dlvSize,vmta,jobId,envId,queue,vmtaPool
while True:
line = sys.stdin.readline()
fwrite = open("debug.log","w")
# fwrite.write(str(deliveryCount))
fwrite.write("test2")
dbcur.execute("INSERT INTO test(event_type) VALUES ('list')")
dbcon.commit()
loglist = line.split(',')
deliveryCount = 0
bounceType = loglist[0]
bounceCategory = loglist[10]
email = loglist[4]
jobId = loglist[19]
if bounceType == 'd':
deliveryCount += 1
fwrite = open("debug2.log","w")
# fwrite.write(str(deliveryCount))
fwrite.write("test3")
dbcur.execute("INSERT INTO test(event_type) VALUES (%d)", deliveryCount)
dbcon.commit()
dbcur.execute('UPDATE campaign_stat_delivered SET pmta_delivered = pmta_delivered + %s WHERE id = %s',(deliveryCount,jobId))
dbcon.commit()
dbcon.close()
1 个解决方案
解决方案1
3 已采纳 2014-05-12 20:41:28
Never use string interpolation to run a sql query. 切勿使用字符串插值来运行sql查询。
You should do: 你应该做:
dbcur.execute(
'UPDATE campaign_stat_delivered SET pmta_delivered = pmta_delivered + %s WHERE id = %s',
(deliveryCount,jobId)
)
There's two arguments to the execute function. execute函数有两个参数。 The query with placeholders, and a tuple of parameters. 带占位符和参数元组的查询。 This way, mysql will escape your parameters for you and prevent sql injection attacks ( http://en.wikipedia.org/wiki/SQL_injection ) 这样,mysql将为您转义参数并防止sql注入攻击( http://en.wikipedia.org/wiki/SQL_injection )
Your error must have come from the fact that you use the % operator on the result of the query 'UPDATE campaign_stat_delivered SET pmta_delivered = pmta_delivered + %s WHERE id = %s' . 您的错误一定是由于您对查询'UPDATE campaign_stat_delivered SET pmta_delivered = pmta_delivered + %s WHERE id = %s'的结果使用了%运算符。 This query in itself (without parameters) is syntactically incorrect for mysql. 在语法上,此查询本身(不带参数)在语法上不正确。 You have to pass the tuple of parameters to the execute function as a second argument. 您必须将参数的元组作为第二个参数传递给execute函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.