[英]Error while creating comma separated list from data-frame to pass into SQL query
我正在嘗試創建一個逗號分隔的列表來傳遞 SQL 查詢。
我的代碼
sql1 = '''select carrier_name, carrier_account, invoice_number, invoice_amount, currency, invoice_date
from invoice_summary where invoice_number in {}'''.format(tuple(data1['invoice_number'].values.tolist()))
當前Output
"select carrier_name, carrier_account, invoice_number,
invoice_amount, currency, invoice_date\nfrom invoice_summary where invoice_number in ('BHX3327983',)"
預計 Output "
select carrier_name, carrier_account, invoice_number,
invoice_amount, currency, invoice_date\nfrom invoice_summary where invoice_number in ('BHX3327983')"
我正在尋找一種在有單個輸入或要傳遞多個輸入時有效的解決方案。
我的代碼有什么問題。
嘗試使用join
並將括號放在字符串中:
sql1 = '''select carrier_name, carrier_account, invoice_number, invoice_amount, currency, invoice_date
from invoice_summary where invoice_number in ({})'''.format(','.join(["'{}'".format(x) for x in data1['invoice_number']]))
您可以使用DataFrame.empty
屬性有條件地設置 sql 語句的值。 如果data1
為空,則將WHERE
子句設置為 False,例如1 = 0
:
if data1.empty:
sql1 = '''select carrier_name, carrier_account, invoice_number, invoice_amount, currency, invoice_date
from invoice_summary where 1 = 0'''
else:
sql1 = ('''select carrier_name, carrier_account, invoice_number, invoice_amount, currency, invoice_date
from invoice_summary where invoice_number in ({})'''
.format(','.join(["'{}'".format(x) for x in data1['invoice_number']])))
為避免 SQL 注入,您可以使用以下命令:
invoice_nums_list = data1['invoice_number'].values.tolist()
sql1 = '''select carrier_name, carrier_account, invoice_number, invoice_amount, currency, invoice_date from invoice_summary where invoice_number in ''' +
'(' + ','.join('%s' for i in range(len(invoice_nums_list))) + ')'
print(sql1)
cursor.execute(sql1, params=tuple(invoice_nums_list))
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.