在sqlite3中存储python datetime对象

Question

token=uuid.uuid4().bytes.encode("base64")
expires=datetime.now()+timedelta(days=1)
print token
print expires
con = sqlite3.connect(dbpath,detect_types=sqlite3.PARSE_DECLTYPES)
cur = con.cursor()
cur.execute(
    "INSERT INTO token VALUES ('%s', ?)" % 
      (token,expires))
a=cur.fetchone()
con.commit()
con.close() 

Table CREATE TABLE token (token varchar(255),expires DATE);

Error TypeError: not all arguments converted during string formatting

Answer 1

Never use % operator with SQL - it can lead to SQL injection. Fix your execute statement like this:

cur.execute("INSERT INTO token VALUES (?, ?)", (token,expires))

Actually there is another one problem: you can't use cur.fetchone() after INSERT .

Full example:

$ sqlite3 test.db
sqlite> create table token (token text primary key, expires text);

$ python
>>> import sqlite3
>>> from datetime import datetime, timedelta
>>> from uuid import uuid4
>>> token = uuid4().bytes.encode("base64")
>>> expires = datetime.now() + timedelta(days=1)
>>> conn = sqlite3.connect("test.db")
>>> cur = conn.cursor()
>>> cur.execute("INSERT INTO token VALUES (?, ?)", (token, expires))
<sqlite3.Cursor object at 0x7fdb18c70660>
>>> cur.execute("SELECT * FROM token")
<sqlite3.Cursor object at 0x7fdb18c70660>
>>> cur.fetchone()
(u'9SVqLgL8ShWcCzCvzw+2nA==\n', u'2011-04-18 15:36:45.079025')

Answer 2

The error is self-speaking.

The string interpolation fails because you are passing two parameters to the INSERT string but there is only one %s placeholder. What do you want with '?' here.

Perhaps you ant

cur.execute('INSERT....', token, expires)

??