[英]Python format array list into string
我正在尋找一個數組列表並將其附加到字符串。
Python 2.7.10,Windows 10
該列表是從mySQL表加載的,輸出為:
skuArray = [('000381001238',) ('000381001238',) ('000381001238',) ('FA200513652',) ('000614400967',)]
我想獲取此列表並將其附加到單獨的查詢中
問題:
query = "SELECT ItemLookupCode,Description, Quantity, Price, LastReceived "
query = query+"FROM Item "
query = query+"WHERE ItemLookupCode IN ("+skuArray+") "
query = query+"ORDER BY LastReceived ASC;"
我得到錯誤:
TypeError: cannot concatenate 'str' and 'tuple' objects
我的猜測是,我需要將字符串格式設置為:
'000381001238', '000381001238', '000381001238', 'FA200513652','000614400967'
最終 ,字符串需要讀取:
query = query+"WHERE ItemLookupCode IN ('000381001238', '000381001238', '000381001238', 'FA200513652','000614400967') "
我嘗試了以下方法:
skuArray = ''.join(skuArray.split('(', 1))
skuArray = ''.join(skuArray.split(')', 1))
第二次嘗試:
skus = [sku[0] for sku in skuArray]
stubs = ','.join(["'?'"]*len(skuArray))
msconn = pymssql.connect(host=r'*', user=r'*', password=r'*', database=r'*')
cur = msconn.cursor()
query ='''
SELECT ItemLookupCode,Description, Quantity, Price, LastReceived
FROM Item
WHERE ItemLookupCode IN { sku_params }
ORDER BY LastReceived ASC;'''.format(sku_params = stubs)
cur.execute(query, params=skus)
row = cur.fetchone()
print row[3]
cur.close()
msconn.close()
在此先感謝您的幫助!
如果要執行直接內聯SQL,則可以使用列表推導:
', '.join(["'{}'}.format(sku[0]) for sku in skuArray])
注意:您需要在元組之間添加逗號(基於示例)
就是說,如果您想執行一些sql,我建議您使用?參數化您的請求。
這是您將如何執行此操作的示例:
skuArray = [('000381001238',), ('000381001238',), ('000381001238',), ('FA200513652',), ('000614400967',)]
skus = [sku[0] for sku in skuArray]
stubs = ','.join(["'?'"]*len(skuArray))
qry = '''
SELECT ItemLookupCode,Description, Quantity, Price, LastReceived
FROM Item
WHERE ItemLookupCode IN ({ sku_params })
ORDER BY LastReceived ASC;'''.format(sku_params = stubs)
#assuming pyodbc connection syntax may be off
conn.execute(qry, params=skus)
為什么?
非參數化查詢不是一個好主意,因為它使您容易受到sql注入的攻擊,並且很容易避免。
假設skuArray
是一個列表,如下所示:
>>> skuArray = [('000381001238',), ('000381001238',), ('000381001238',), ('FA200513652',), ('000614400967',)]
您可以像這樣格式化字符串:
>>> ', '.join(["'{}'".format(x[0]) for x in skuArray])
"'000381001238', '000381001238', '000381001238', 'FA200513652', '000614400967'"
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.