[英]what is the reason for the error when inserting data into mysql in python3?
以下示例代码执行抓取到特定 url 然后将数据插入 mysql 但插入代码中出现以下错误,我不知道此错误的原因是什么:
data = (URL,title,image,writer,article_date,article,keywords)
save_data(data)
def save_data(data):
cur.execute("SELECT * FROM shereen.articles WHERE URL='"+data[0]+"'")
res = cur.fetchall()
if len(res)==0:
cur.execute("INSERT INTO shereen.articles VALUES"+str(data))
conn.commit()
print(data[0] +" -->> Saved")
else:
print(data[0] +" -->> Duplicated")
出现以下错误:
Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
127.0.0.1 - - [03/Sep/2020 03:53:19] "GET / HTTP/1.1" 400 -
[2020-09-03 03:53:32,952] ERROR in app: Exception on / [GET]
Traceback (most recent call last):
File "C:\Users\Alahram\anaconda3\lib\site-packages\flask\app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "C:\Users\Alahram\anaconda3\lib\site-packages\flask\app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "C:\Users\Alahram\anaconda3\lib\site-packages\flask\app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "C:\Users\Alahram\anaconda3\lib\site-packages\flask\_compat.py", line 39, in reraise
raise value
File "C:\Users\Alahram\anaconda3\lib\site-packages\flask\app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "C:\Users\Alahram\anaconda3\lib\site-packages\flask\app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "<ipython-input-28-c14cf8a20a1c>", line 15, in home
get_article_details(URL)
File "<ipython-input-28-c14cf8a20a1c>", line 35, in get_article_details
save_data(data)
File "<ipython-input-28-c14cf8a20a1c>", line 41, in save_data
cur.execute(" " "INSERT INTO shereen.articles VALUES" " "+str(data))
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\cursors.py", line 170, in execute
result = self._query(query)
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\cursors.py", line 328, in _query
conn.query(q)
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\connections.py", line 516, in query
self._affected_rows = self._read_query_result(unbuffered=unbuffered)
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\connections.py", line 727, in _read_query_result
result.read()
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\connections.py", line 1066, in read
first_packet = self.connection._read_packet()
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\connections.py", line 683, in _read_packet
packet.check_error()
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\protocol.py", line 220, in check_error
err.raise_mysql_exception(self._data)
File "C:\Users\Alahram\anaconda3\lib\site-packages\pymysql\err.py", line 109, in raise_mysql_exception
raise errorclass(errno, errval)
pymysql.err.InternalError: (1366, "Incorrect string value: '\\xD8\\xA7\\xD9\\x84\\xD9\\x85...' for column 'title' at row 1")
127.0.0.1 - - [03/Sep/2020 03:53:32] "GET /?url=https://www.almasryalyoum.com/news/details/1994354 HTTP/1.1" 500 -
不要通过将字符串连接在一起来编写 SQL 查询,这是 SQL 注入的攻击向量。 使用字符串插值并将值作为下一个参数传递给execute()
按预期,即:
cur.execute("SELECT * FROM shereen.articles WHERE URL=%s", (data[0],))
和:
cur.execute("INSERT INTO shereen.articles VALUES(%s, %s, %s)", data) # in case `data` has three values
这样做将解决您的问题和您甚至不知道的 SQL 注入问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.