我正在使用 Python 2 并具有以下代码:with conn.cursor() as cursor: info("Updating {} records".format(len(records_to_update))) for record in records_to_update: query = "UPDATE my_table SET " params_setters = [] # Process all fields except wsid when updating for index, header in enumerate(DB_COLUMNS_IN_ORDER[1:]): if record[index] is not None: params_setters.append("{} = '{}' ".format(header, record[index])) query += " , ".join(params_setters) query += " WHERE id = '{}'".format(record[0]) cursor.execute(query)如何在此处使用查询参数进行转义,而不必在以下位置手动进行:params_setters.append("{} = '{}' ".format(header, record[index]))
1 回答
人到中年有点甜
TA贡献1895条经验 获得超7个赞
如果我理解你的问题,你想使用准备好的陈述。如果您使用的%s是用于表示查询参数的驱动程序(SQLite 使用?),则:
with conn.cursor() as cursor:
info("Updating {} records".format(len(records_to_update)))
params = []
for record in records_to_update:
query = "UPDATE my_table SET "
params_setters = []
# Process all fields except wsid when updating
for index, header in enumerate(DB_COLUMNS_IN_ORDER[1:]):
if record[index] is not None:
params_setters.append("{} = %s ".format(header))
params.append(record[index])
query += " , ".join(params_setters)
query += " WHERE id = %s"
params.append(record[0])
cursor.execute(query, params)
添加回答
举报
0/150
提交
取消