预定义函数,用于格式化Python中用于SQL的字符串
[英]Pre-defined function to format strings in Python to be used in SQL
问题描述
First of all i'm French so if you see any mistakes in my message, don't hesitate to tell me ! 
首先我是法国人所以,如果你发现我的信息有任何错误,请不要犹豫告诉我! :) :)
Here's my problematic : I'm currently making a Python function, to build SQL requests, inserting in my database a large string (the HTML code to a webpage). 这是我的问题:我正在制作一个Python函数,构建SQL请求,在我的数据库中插入一个大字符串(HTML代码到网页)。
As you may know, SQL have some requirements regarding the string you use. 您可能知道,SQL对您使用的字符串有一些要求。 For example you can't use ' I'm a developper' sentence because of the ' ' ' thing. 例如,你不能使用' I'm a developper'句子,因为'''的东西。
Do you know if any pre-defined function exist to modify a chain to make sure I could use it in an SQL Request ? 您是否知道是否存在任何预定义的函数来修改链以确保我可以在SQL请求中使用它?
I'm also asking that because I don't know all the requirements to a string to be interpreted without a problem. 我也问这个因为我不知道字符串的所有要求都没有问题。
I hope I've been clear, let me know if I havent ! 我希望我已经清楚了,如果我没有,请告诉我! Have a nice day. 祝你今天愉快。
EDIT : I'm on Python 3.4.3 EDIT2: I'm using MySQL 编辑:我在Python 3.4.3 EDIT2:我正在使用MySQL
2 个解决方案
解决方案1
2 已采纳 2018-01-26 13:58:01
This is a pretty broad question and I think you should refine it. 这是一个非常广泛的问题,我认为你应该改进它。
As for good practices with SQL in general you first need to : 至于SQL的良好实践,首先需要:
Make sure you are using the proper library (and the most up to date) depending or your situation (MySQL, Oracle, SQLite, etc.)
确保您使用正确的库(以及最新的)取决于您的情况(MySQL,Oracle,SQLite等) Escape string.
逃脱字符串。 The library usually has a function for this. 该库通常具有此功能。 You can also use formator%.您也可以使用format或%。Test, unit tests or at least manual one... What I usually do to prototype is to first generate the SQL statement and print it.
测试,单元测试或至少是手动测试......我通常做的原型是首先生成SQL语句并打印它。 Then I copy this statement and test it directly into SQL command line. 然后我复制这个语句并直接测试它到SQL命令行。 This way you're sure it's working for SQL. 这样你就可以确定它适用于SQL。 Then from there, you'll need to escape special characters with \\.然后从那里,你需要用\\来转义特殊字符。 Second points would cover that though.然而,第二点将涵盖这一点。 Finally you want to wrap your code in a
try / catchstatement so you can control failures.最后,您希望将代码包装在try / catch语句中,以便控制失败。If it still does not work, a good, somewhat hacky,
.replace()will.如果它仍然不起作用,那么好的,有点hacky, .replace()会。 An example would be:.replace("'", "\\'").一个例子是: .replace("'", "\\'")。 Make sure you can standardized your input.确保您可以标准化您的输入。
Edit: The length of your statement does not matter if you cover edge cases. 编辑:如果覆盖边缘情况,语句的长度无关紧要。
Edit 2 : Use MySQLdb.escape_string(statement) if you're using mysql-python https://dev.mysql.com/doc/connector-python/en/connector-python-api-cext-escape-string.html 编辑2:如果您使用的是mysql-python, 请使用MySQLdb.escape_string(statement) https://dev.mysql.com/doc/connector-python/en/connector-python-api-cext-escape-string.html
解决方案2
0 2018-01-26 13:50:32
I believe you only need to escape the character and this should work. 我相信你只需要逃避角色,这应该有效。
my_sql_string = 'this my \'word\' with escaped character'
Also, you should probably look into "text" object from sqlalchemy: http://docs.sqlalchemy.org/en/latest/core/tutorial.html#using-textual-sql 另外,你应该从sqlalchemy查看“text”对象: http : //docs.sqlalchemy.org/en/latest/core/tutorial.html#using-textual-sql
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.