数据库
首页 > 数据库> > sqlite3.OperationalError: near "s": syntax error

sqlite3.OperationalError: near "s": syntax error

作者:互联网

code
Traceback (most recent call last):
  File "test.py", line 190, in <module>
    cursor.execute(sql)
sqlite3.OperationalError: near "s": syntax error
code
Suppose name contains a single quote followed by a t, as in
name = "don't look now"
sql = "update foo set is_processed=1 where bar='"+name+"'"
Then sql would equal
In [156]: sql
Out[156]: "update foo set is_processed=1 where bar='don't look now'"
and sqlite3 will think the conditional is where bar='don' followed by a syntax error, t look now'. sqlite3 then raises
sqlite3.OperationalError: near "t": syntax error
This is an example of why you should always use parametrized SQL. To avoid this problem (and protect your code from SQL injection attacks), use parametrized SQL and pass a sequence (or, depending on the paramstyle, a mapping) of values as the second argument to cursor.execute:
sql = "update foo set is_processed=1 where bar=?"
cursor.execute(sql, [name])
When you pass arguments (such as [name]) as the second argument to cursor.execute, sqlite3 will escape the single-quote for you. 

 

                         

标签:execute,bar,name,error,syntax,near,sql,sqlite3
来源: https://www.cnblogs.com/sea-stream/p/14181630.html