我试图更改数据库的字段,修改了'sql'语句, 但我还是报错了
#!/usr/bin/env python3
import pymysql
from log import *
#连接数据库
db = pymysql.connect('localhost', 'root', '123456', "test")
cursor = db.cursor()
def save_get_xici_log(log_data):
#抓取日志存入数据库
for data in log_data:
status = log_data[0]
thread_name = log_data[1]
url = log_data[2]
code = log_data[3]
proxy = log_data[4]
speedtime = log_data[5]
memo = log_data[6]
#status级别
if status == 'sucess':
status = 1
elif status == 'failed':
status = 0
elif status == 'error':
status = -1
else:
pass
sql = "INSERT INTO get_xici(thread_name, url, proxy, status, code, speedtime, memo) VALUES('%s', '%s', '%s', '%s', '%d', '%f', '%s')" (thread_name, url, proxy, status, code, speedtime, memo)
try:
cursor.execute(sql)
db.commit()
log.logger.info('save_get_xici_log is sucess')
except Exception as e:
db.rollback()
log.logger.debug('save_get_xici_log is error'+ ' '+ str(e))
db.close()
if __name__ == '__main__':
log = Logger(r'/root/Project/freeProxy/log/save_mysql.log',level='debug')
log_data = 'sucess', 'thread-1', 'baidu.com', 200, '1.1.1.1', 0.823132, '1'
save_get_xici_log(log_data)
######### MYSQL desc get_xici; #######################
mysql> desc get_xici;
+-------------+------------------+------+-----+-------------------+-----------------------------+
| Field | Type | Null | Key | Default | Extra |
+-------------+------------------+------+-----+-------------------+-----------------------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| thread_name | varchar(20) | NO | | NULL | |
| url | varchar(20) | NO | | NULL | |
| proxy | varchar(20) | NO | | NULL | |
| status | tinyint(2) | NO | | NULL | |
| code | int(3) | NO | | NULL | |
| speedtime | float(3,2) | NO | | NULL | |
| memo | varchar(500) | NO | | NULL | |
| nowtime | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
+-------------+------------------+------+-----+-------------------+-----------------------------+
#
错误或消息:
Traceback (most recent call last): File "save_mysql.py", line 106, in save_get_xici_log(log_data) File "save_mysql.py", line 92, in save_get_xici_log sql = "INSERT INTO get_xici(thread_name, url, proxy, status, code, speedtime, memo) VALUES('%s', '%s', '%s', '%s', '%d', '%f', '%s')" (thread_name, url, proxy, status, code, speedtime, memo) TypeError: 'str' object is not callable
我相信,这就是您想要的,让SQL驱动程序执行所有必要的转换,并消除SQL注入攻击的可能性:
请注意,参数占位符周围没有引号,即`字符,它们必须都是
%s
。实际参数值被指定为list
或tuple
,作为execute
方法调用cursor
对象的第二个参数我认为您需要在字符串和此行的参数之间添加一个
%
:收件人:
但是一般来说,出于安全原因(防止SQL注入),您应该使用prepared statements而不是字符串插值来生成SQL查询
相关问题 更多 >
编程相关推荐