簡體   English   中英

Python燒瓶休息api

[英]Python flask rest api

我想在我的項目中添加一個rest api,因此我需要一個有選擇性的mysql語句,我總是回來

{“error”:“(1054,u \\”'where子句'\\'中的未知列'無')“}

代碼有什么問題? 我如何才能在mysql select語法中正確轉義id?

#!/usr/bin/python

from flask import Flask
from flask_restful import Resource, Api
from flask_restful import reqparse
from flask.ext.mysql import MySQL



mysql = MySQL()
app = Flask(__name__)

# MySQL configurations
app.config['MYSQL_DATABASE_USER'] = 'pi'
app.config['MYSQL_DATABASE_PASSWORD'] = 'xxxxxxxx'
app.config['MYSQL_DATABASE_DB'] = 'xxxxxxxx'
app.config['MYSQL_DATABASE_HOST'] = 'localhost'


mysql.init_app(app)

api = Api(app)

class test(Resource):
    def post(self):
        try:
        # Parse the arguments

        parser = reqparse.RequestParser()
        parser.add_argument('ID', type=str, help='Id of Item')
        args = parser.parse_args()

        id = str(args['ID'])
        conn = mysql.connect()
        cursor = conn.cursor()
        cursor.execute("SELECT * FROM `PowerSystem` WHERE ID=$(id)")



        data = cursor.fetchall()

        items_list=[];
        for item in data:
            i = {
                'ID':str(item[0]),
                'Timestamp':str(item[1]),
                'batteryVoltage':str(item[2]),
                'batteryCurrent':str(item[3]),
                'solarVoltage':str(item[4]),
                'solarCurrent':str(item[5]),
                'loadVoltage':str(item[6]),
                'loadCurrent':str(item[7]),
                'batteryPower':str(item[8]),
                'solarPower':str(item[9]),
                'loadPower':str(item[10]),
                'batteryCharge':str(item[11])
            }
            items_list.append(i)

        return {'StatusCode':'200$(_id)','Items':items_list}

    except Exception as e:
        return {'error': str(e)}
    api.add_resource(test, '/test')


    if __name__ == '__main__':
     app.run(debug=True,host='0.0.0.0')

   app.run(debug=True,host='0.0.0.0')

這是正確而安全的方法:

c.execute("SELECT * FROM `PowerSystem` WHERE ID=%s", (id))

execute語句不正確,模式應該像cursor.execute( <select statement string>, <tuple>) ,將你的語句改為:

cursor.execute("SELECT * FROM `PowerSystem` WHERE ID=%s",(id,))

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM