MySQLdb 输入,其中字符串包含字符串分隔符
我正在使用 MySQLdb 开发一个 Python 项目。作为其中的一部分,我正在将用户详细信息(包括加盐密码)从生成它们的系统转移到仅使用它们的新系统。
单引号、双引号或三引号可以界定字符串的开头和结尾。但是,单引号和双引号是我要迁移的 4.5k 左右用户中多个哈希的一部分。这两个代币出现在大约 450 个盐中。
代码的编辑版本如下
Django.execute ('INSERT INTO auth_user (password) VALUES ("' + user.password + '")')
我尝试在检测到报价类型或其他报价类型时在此数据库游标对象中使用的报价类型之间进行交换,但这仍然留下 150 左右包含两者。
我可以为此使用哪些解决方法?
我尝试过三引号,但它们在光标对象上引发了编程错误。
提前致谢
I'm working on a project in Python with MySQLdb. As part of this, I'm moving user details, including salted passwords from one system that generates them to a new one that simply uses them.
Single, double or triple quotes can delineate your string start and end. However, single and double quotes are part of several hashes in the 4.5k or so users I'm migrating. Both tokens appear in about 450 of those salts.
An edited version of the code is as follows
Django.execute ('INSERT INTO auth_user (password) VALUES ("' + user.password + '")')
I have tried swapping between the quote type used in this database cursor object, as and when either quote type or the other are detected, but this still leaves the 150 or so that contain both.
What work arounds can I use for this?
I have tried triple quotes, but they throw a programming error on the cursor object.
Thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
查询参数应提供所有正确的转义,例如:
来自 Django 文档: http://docs.djangoproject.com/en/dev/topics/db/sql/
Query parameters should provide all the proper escaping, for example:
From the Django docs at: http://docs.djangoproject.com/en/dev/topics/db/sql/