如何在 Python flask 中编写删除 postgresql 查询
[英]How can I write a delete postgresql query in Python flask
问题描述
I was trying to delete from a database table using flask and postgresql, but I keep having error in mysql syntax.Please how can I implement it.
我试图使用 flask 和 postgresql 从数据库表中删除,但我在 mysql 语法中一直出错。请问我该如何实现它。 The two ways below did not work.下面的两种方法都不起作用。 Nb: The id is to be retrieved from a variable.注意:id 将从变量中检索。 I'm actually new to python from php.我实际上是来自 php 的 python 的新手。
my_id = 3
del = engine.execute("DELETE FROM my_table WHERE id = '{my_id}'")
del = engine.execute("DELETE FROM my_table WHERE id=:id", {"id":my_id})
3 个解决方案
解决方案1
0 2020-03-28 10:49:30
You could just do this:你可以这样做:
my_id = 3
result = engine.execute("DELETE FROM my_table WHERE id = %s", my_id)
or或者
result = engine.execute("DELETE FROM my_table WHERE id = %(id)s", id=my_id)
In both of these statements you are assuming that the underlying database connection library (for example psycopg2 or pg8000) are using %-formatting to bind query parameters.在这两个语句中,您都假设底层数据库连接库(例如 psycopg2 或 pg8000)正在使用 % 格式来绑定查询参数。 To avoid this dependency you can use sqlalchemy.text to build the query string:为了避免这种依赖性,您可以使用sqlalchemy.text来构建查询字符串:
import sqlalchemy as sa
result = engine.execute(sa.text("DELETE FROM my_table WHERE id = :id"), id=my_id)
letting sqlalchemy build the query and handle parameter binding and quoting.让 sqlalchemy 构建查询并处理参数绑定和引用。
You should NOT use ordinary python string formatting functions to bind query parameters:不应使用普通的Python字符串格式化函数来绑定查询参数:
engine.execute("DELETE FROM my_table WHERE id = %s" % my_id)
engine.execute("DELETE FROM my_table WHERE id = {}".format(my_id))
engine.execute(f"DELETE FROM my_table WHERE id = {my_id}")
Using these methods may expose your application to SQL injection attacks, because the query parameters may not be quoted correctly.使用这些方法可能会将您的应用程序暴露给 SQL 注入攻击,因为查询参数可能没有正确引用。
Finally, a point of style: you can't use del as a variable name.最后,一个风格点:你不能使用del作为变量名。 Python already has the del statement , and attempting to reassign the name del results in a SyntaxError . Python 已经有del 语句,尝试重新分配名称del导致SyntaxError 。 Also, the ResultProxy object returned by a DELETE statement doesn't contain any rows, so there is little point assigning the result to a variable.此外,DELETE 语句返回的ResultProxy对象不包含任何行,因此将结果分配给变量几乎没有意义。
解决方案2
0 2022-08-06 22:09:16
Using SQLAlchemy.ORM使用 SQLAlchemy.ORM
my_id = XXX
db.session.query.filter(Table.id == my_id).delete()
db.session.commit()
解决方案3
-1 2020-03-27 16:19:23
There are several ways to build up strings in python, if you're using python3 then I would use f-strings, which your second line of code is almost using.有几种方法可以在 python 中构建字符串,如果您使用的是 python3,那么我将使用 f-strings,您的第二行代码几乎正在使用。 You just need to add an "f" before your quotes, so your code becomes:您只需要在引号前添加一个“f”,这样您的代码就变成了:
del = engine.execute(f"DELETE FROM my_table WHERE id = '{my_id}'")
Here is some info on formatting strings in python and using f-strings https://realpython.com/python-f-strings/以下是有关在 Python 中格式化字符串和使用 f 字符串的一些信息https://realpython.com/python-f-strings/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.