<p><code>sqlite3.connection</code>不存在。您要查找的函数名为<a href="https://docs.python.org/3/library/sqlite3.html#sqlite3.connect" rel="nofollow">^{<cd2>}</a>:</p>
<pre><code>>>> import sqlite3
>>> sqlite3.connect
<built-in function connect>
>>>
</code></pre>
<p>另外,您不应该使用<code>str.format</code>或类似的工具将值插入到查询中。从<a href="https://docs.python.org/3/library/sqlite3.html" rel="nofollow">docs</a>:</p>
<blockquote>
<p>Usually your SQL operations will need to use values from Python
variables. You shouldn’t assemble your query using Python’s string
operations because doing so is insecure; it makes your program
vulnerable to an SQL injection attack (see <a href="http://xkcd.com/327/" rel="nofollow">http://xkcd.com/327/</a> for
humorous example of what can go wrong).</p>
<p>Instead, use the DB-API's parameter substitution. Put <code>?</code> as a
placeholder wherever you want to use a value, and then provide a tuple
of values as the second argument to the cursor's <code>execute()</code> method.
(Other database modules may use a different placeholder, such as <code>%s</code> or
<code>:1</code>.)</p>
</blockquote>