在python 連接mysql時,最近一直出現了
1064, 'You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near \'"58 convenience stores in Beijing Pilot selling class B over-the-counter drugs""\' at line 4'
這個異常信息,今早發現后就進行解決,嘗試了多種方式,google提示用pymysql.escape_string函數對參數防止轉義,最開始用的是{0} 這種占位符的方式,發現還是無法解決,后面還試了一種方式,在execute里面處理
sql_01 = '''
insert into cmstop_content(contentid,catid,modelid,title, tags,status,published,publishedby
,createdby,created,modifiedby,modified,sourceid,score)
values (null,%s,"1",%s,%s,'3',UNIX_TIMESTAMP(SYSDATE()),'28','28',UNIX_TIMESTAMP(SYSDATE()),'28',UNIX_TIMESTAMP(SYSDATE()),'21','0');
在execute的時候進行參數傳遞,可以正常入庫了
cur.execute(sql_01, (pymysql.escape_string(info["flag"]), pymysql.escape_string(info["標題"]), pymysql.escape_string(info["標簽"])))
以前都是將參數與sql處理好一起傳入excute,沒怎么用過在execute中傳遞參數,特意看了下execute的定義,args的類型可以是tuple,list,dict中的任何一種,如果參數類型不對,會出現如下提示:
execute() takes from 2 to 3 positional arguments but 5 were given
