在 Mysql 查询 Flask web 应用程序中插入错误

Question

我的 app.py 代码：

@app.route('/register' , methods = ['GET', 'POST'])
def register():
    msg = ''
    if request.method == 'POST' and 'username' in request.form and 'password' in request.form and 'email' in request.form:
        username = request.form['username']
        password = request.form['password']
        email = request.form['email']
        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        cursor.execute('SELECT * FROM accounts WHERE username =%s', (username, ))
        account = cursor.fetchone()
        if account:
            msg = "Account already exists !"
        elif not re.match(r'[^@]+@[^@]+\.[^@]+', email):
            msg = 'Invalid email adress !'

        elif not re.match(r'[A-Za-z0-9]+', username):
            msg = 'Username must contain only characters and numbers !'
        elif not username or not password or not email:
            msg = 'Please fill the form !'
        else:
            cursor.execute('INSERT INTO accounts VALUES (NULL ,%s,%s,%s', (username, password, email, ))
            mysql.connection.commit()
            msg = 'You have successfully registered !'
    elif request.method == 'POST':
        msg = 'Please fill out the form !'
    return render_template('register.html' , msg = msg)
    
if __name__ == '__main__':
    app.run(debug = True)

这是我得到的错误：

Traceback (most recent call last):
  File "D:\Code\spoof\webapp2\env\lib\site-packages\flask\app.py", line 2548, in __call__
    return self.wsgi_app(environ, start_response)
  File "D:\Code\spoof\webapp2\env\lib\site-packages\flask\app.py", line 2528, in wsgi_app
    response = self.handle_exception(e)
  File "D:\Code\spoof\webapp2\env\lib\site-packages\flask\app.py", line 2525, in wsgi_app
    response = self.full_dispatch_request()
  File "D:\Code\spoof\webapp2\env\lib\site-packages\flask\app.py", line 1822, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "D:\Code\spoof\webapp2\env\lib\site-packages\flask\app.py", line 1820, in full_dispatch_request
    rv = self.dispatch_request()
  File "D:\Code\spoof\webapp2\env\lib\site-packages\flask\app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "D:\Code\spoof\webapp2\app.py", line 68, in register
    cursor.execute('INSERT INTO accounts VALUES (NULL ,%s,%s,%s', (username, password, email, ))
  File "D:\Code\spoof\webapp2\env\lib\site-packages\MySQLdb\cursors.py", line 206, in execute
    res = self._query(query)
  File "D:\Code\spoof\webapp2\env\lib\site-packages\MySQLdb\cursors.py", line 319, in _query
    db.query(q)
  File "D:\Code\spoof\webapp2\env\lib\site-packages\MySQLdb\connections.py", line 254, in query
    _mysql.connection.query(self, query)
MySQLdb.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1")

我在我的虚拟环境中使用 python 3.10.2 和 flask 2.2.2。 我正在使用 Visual Studio IDE。 好像我在 MYSQL 查询中做错了什么。 你们能告诉我我在这里做错了什么吗？

Answer 1

您的cursor.execute()语句中缺少右括号，并且不需要最后一个逗号。 此外，您可以指定列名。

这是一个将查询和值分成变量以提高可读性的解决方案：

sql_query = 'INSERT INTO accounts(username, password, email) VALUES (%s, %s, %s)'
vals = (username, password, email)
cursor.execute(sql_query, vals)