MySQLdb有一种方法可以帮助解决这个问题:
文件
string_literal(…)string_literal(obj)-将对象obj转换为SQL字符串文字。这意味着,所有特殊的SQL字符均被转义,并用单引号引起来。换句话说,它执行:
"'%s'" % escape_string(str(obj))Use connection.string_literal(obj), if you use it at all._mysql.string_literal(obj) cannot handle character sets.
用法
# connection: <_mysql.connection open to 'localhost' at 1008b2420>str_value = connection.string_literal(tuple(provider))# '('provider1', 'provider2')'SQL = "SELECt * FROM table WHERe provider IN %s"args = (str_value,)cursor.execute(sql,args)欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)