Python quoting error - using pymssql

Posted 2024-10-05 13:26:39


I am trying to execute the below code using Python 2.5.2. The script is establishing the connection and creating the table, but then it is failing with the below error.

The script

import pymssql
conn = pymssql.connect(host='10.103.8.75', user='mo', password='the_password', database='SR_WF_MODEL')
cur = conn.cursor()
cur.execute('CREATE TABLE persons(id INT, name VARCHAR(100))')
cur.executemany("INSERT INTO persons VALUES(%d, %s)", \
    [ (1, 'John Doe'), (2, 'Jane Doe') ])
conn.commit()

cur.execute("SELECT * FROM persons WHERE salesrep='%s'", 'John Doe')
row = cur.fetchone()
while row:
    print "ID=%d, Name=%s" % (row[0], row[1])
    row = cur.fetchone()

cur.execute("SELECT * FROM persons WHERE salesrep LIKE 'J%'")

conn.close()

The error

Traceback (most recent call last):
  File "connect_to_mssql.py", line 9, in <module>
    cur.execute("SELECT * FROM persons WHERE salesrep='%s'", 'John Doe')
  File "/var/lib/python-support/python2.5/pymssql.py", line 126, in execute
    self.executemany(operation, (params,))
  File "/var/lib/python-support/python2.5/pymssql.py", line 152, in executemany
    raise DatabaseError, "internal error: %s" % self.__source.errmsg()
pymssql.DatabaseError: internal error: None

Any suggestions? Also, how do you read the traceback error? Can anyone help me understand the error message? How do you read it, bottom up?


Comments (1)

意中人 2024-10-12 13:26:39


I think you are assuming the regular python string interpolation behavior, ie:

>>> a = "we should never do '%s' when working with dbs"
>>> a % 'this'
"we should never do 'this' when working with dbs"

The % operator within the execute method looks like the normal string formatting operator but that is more of a convenience or mnemonic; your code should read:

cur.execute("SELECT * FROM persons WHERE salesrep=%s", 'John Doe')

without the quotes, and this will work with names like O'Reilly, and help prevent SQL injection per the database adapter design. This is really what the database adapter is there for -- converting the python objects into sql; it will know how to quote a string and properly escape punctuation, etc. It would work if you did:

>>> THING_ONE_SHOULD_NEVER_DO = "select * from table where cond = '%s'"
>>> query = THING_ONE_SHOULD_NEVER_DO % 'john doe'
>>> query
"select * from table where cond = 'john doe'"
>>> cur.execute(query)

but this is bad practice.
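To make the answer's point concrete, here is an added Python 3 example (not code from the post or from pymssql): a simplified model of what a "format"-paramstyle adapter does with the two query forms, run against an in-memory sqlite3 copy of the persons table with constructed rows. The quote_literal and render helpers stand in for the adapter's own quoting; the final case also shows the caveat that a literal % in a LIKE pattern must be doubled once parameters are passed.

```python
import sqlite3

# Constructed stand-in for the poster's table (persons(id, name)).
SAMPLE_ROWS = [(1, "John Doe"), (2, "Jane Doe"), (3, "O'Reilly")]


def quote_literal(value):
    """Simplified model of adapter-side quoting (not pymssql's own code):
    numbers pass through, strings get single quotes with any ' doubled."""
    if isinstance(value, (int, float)):
        return str(value)
    return "'" + str(value).replace("'", "''") + "'"


def render(sql, params):
    """Replace each %s/%d placeholder with a quoted literal, which is what
    cur.execute(sql, params) does before the statement reaches the server."""
    return sql.replace("%d", "%s") % tuple(quote_literal(p) for p in params)


def execute_sql(rendered):
    """Run already-rendered SQL against an in-memory copy of the table;
    returns the rows, or an 'error: ...' string if the SQL is malformed."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE persons(id INT, name VARCHAR(100))")
    con.executemany("INSERT INTO persons VALUES(?, ?)", SAMPLE_ROWS)
    try:
        return con.execute(rendered).fetchall()
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc
    finally:
        con.close()


def run(sql, params=()):
    """Parameterised execution: render, then execute."""
    return execute_sql(render(sql, params))


if __name__ == "__main__":
    # Poster's form: the adapter adds its own quotes, so the server receives
    # name=''John Doe'' and rejects the statement.
    print(run("SELECT id FROM persons WHERE name='%s'", ("John Doe",)))
    # Answer's form: no quotes in the SQL; the adapter quotes and escapes.
    print(run("SELECT id FROM persons WHERE name=%s", ("O'Reilly",)))
    # Plain % interpolation breaks on the same name (and is injectable).
    print(execute_sql("SELECT id FROM persons WHERE name='%s'" % "O'Reilly"))
    # A literal % (LIKE 'J%') must be written %% when params are passed.
    print(run("SELECT id FROM persons WHERE name LIKE 'J%%' AND id > %s", (0,)))
```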
