sql更新集? =? 在哪 =? (python,sqlite3)
[英]sql update set ? = ? where ? = ? (python, sqlite3)
问题描述
Python, slite3 
Python,slite3
c.execute("UPDATE accounts SET ? = ? WHERE num=?", (db['choise'], db['data'], db['num']))
so i don't know what is wrong with it 所以我不知道这是怎么回事
db is shelve database db是搁置的数据库
2 个解决方案
解决方案1
2 已采纳 2016-10-11 14:08:20
The column (and table) names cannot be parameterized . 列(和表)名称无法参数化 。 Use string formatting for it and query parameterization for the rest of variables: 对它使用字符串格式,对其余变量使用查询参数化:
c.execute("UPDATE accounts SET {column} = ? WHERE num = ?".format(column=db['choise']), (db['data'], db['num']))
That said, make sure you properly validate/sanitize/escape the db['choise'] value or really trust the source of it (though don't trust anyone when it comes to database interactions). 就是说,请确保您正确验证/清除/转义db['choise']值,或确实信任它的来源(尽管在数据库交互方面不信任任何人)。
解决方案2
1 2016-10-11 14:21:55
Column names cannot be given as arguments. 列名不能作为参数给出。 You can try 你可以试试
c.execute("UPDATE accounts SET "+str(db['choise'])+" = ? WHERE num=?", (db['data'], db['num']))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.