如何在SQL中串联ORDER BY
[英]How to concatenate ORDER BY in sql
问题描述
I am working on a GUI gird and sql. 
我正在使用GUI网格和SQL。 I have two GUI buttons that can be clicked depending on what order the user wants the information. 我有两个GUI按钮,可以根据用户想要信息的顺序进行单击。 The order can be by Employee Last_name or First_name , but not both. 订单可以按员工的Last_name或First_name ,但不能两者都按。 I am not sure how to use that. 我不确定如何使用它。 I am suppose to use concatenation, but am not sure how to. 我想使用串联,但不确定如何使用。
Below is what I tried to do: 以下是我尝试执行的操作:
def sort_employees(self, column):
try:
cursor = db.cursor()
display="SELECT * FROM company ORDER BY '%" + column + "%' "
cursor.execute(display)
entry = cursor.fetchall()
self.display_rows(entry)
Also, the code works fine if I only have on entry: 另外,如果我只有进入的话,代码也可以正常工作:
display="SELECT * FROM company ORDER BY Last_name"
2 个解决方案
解决方案1
0 已采纳 2017-12-12 23:42:46
Not sure why you have % in your query string, it's possible you're confusing it with the %s syntax for string formatting . 不确定为什么查询字符串中包含% ,可能会将其与字符串格式的%s语法混淆。
display = "SELECT * FROM company ORDER BY '%" + column + "%' "
It seems what you want is more like this: 看来您想要的是这样的:
display = "SELECT * FROM company ORDER BY " + column
Or, as I prefer: 或者,如我所愿:
display = 'SELECT * FROM company ORDER BY {column}'.format(column=column)
Of course be careful creating queries like this, you're exposed to SQL security vulnerabilities. 当然,创建此类查询时要小心,您会遇到SQL安全漏洞。
It's better to use a parametrised query instead of string interpolation/concatenation, but I don't know which database interface you're using, but it's easy to find that by searching the docs. 最好使用参数化查询而不是字符串插值/串联,但是我不知道您使用的是哪个数据库接口,但是通过搜索文档很容易找到它。
解决方案2
0 2017-12-12 23:54:00
In SQL, the ORDER BY clause takes, as arguments, a list of column names: 在SQL中, ORDER BY子句将列名列表作为参数:
--correct
ORDER BY firstname, lastname, age
It can also take function outputs: 它还可以获取函数输出:
--correct, sort names beginning with a Z first
ORDER BY CASE WHEN first name LIKE 'Z%' THEN 1 ELSE 2 END, firstname
In some db, putting an integer ordinal on will sort by that column, numbered from the left, starting with 1: 在某些数据库中,放置整数序数将按该列排序,从左开始从1开始编号:
--correct, sort by 3rd column then first
ORDER BY 3,1
It does not take a list of strings that happen to contain column names: 它不包含碰巧包含列名的字符串列表:
--incorrect - not necessarily a syntax error but will not sort by any named column
ORDER BY 'firstname', 'lastname', 'age'
Nor does it take a string of csv column names: 它也不需要一串csv列名:
--incorrect - again not necessarily a syntax error but won't sort on any of the named columns
ORDER BY 'firstname, lastname, age'
Your code falls into the latter categories: you're turning the column name into a string. 您的代码属于后面的几类:您正在将列名转换为字符串。 This is wrong. 错了 The "not working sql" and the "working sql" are very different. “无法正常运行的sql”和“正常运行的sql”非常不同。 Print the result of he concatenation to screen and look at them if you're having a hard time seeing it from the code 将连接结果打印到屏幕上,如果您很难从代码中看到它,请查看它们
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.