[英]Python MYSQL Query throws programming syntax error 1064
我正在嘗試向我的數據庫發送一個 UPDATE 查詢,具有以下規范:
markets_string = "Coingecko, Coinmarketcap"
hashy = "e491bddae29c9fb6dd7666e25e34d6d642a05701"
mycursor.execute("""
UPDATE %s
SET markets = %s
WHERE id = %s
""", (source, markets_string, hashy))
但是,我收到以下語法錯誤:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''coinplace'
SET markets = 'Coingecko, Coinmarketcap'
' at line 1
如果這個問題已經得到回答,請先打擾一下,我自己用谷歌搜索,但找不到任何解決方案。
編輯:我正在使用 mysql.connector
測試如下:
query = "更新 %s SET markets = %s WHERE id = %s" values = source, markets_string, hashy
mycursor.execute(查詢,(值,))
假設 source 是表名並且是“coinplace”;
source = 'coinplace'
qry_str = "UPDATE " + source + " " + """
SET markets = %s
WHERE id = %s
print(qry_str)
UPDATE coinplace
SET markets = %s
WHERE id = %s
mycursor.execute(qry_str, (markets_string, hashy))
"""
這確實允許 SQL 注入,因為對表名使用了字符串連接,因此您需要確定 source 值的source
。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.