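<p>OK, according to the SQL standard, which defines string literals as delimited by single quotes and says that to include a single quote in a string literal you must double it (you can refer to the syntax specifications of <a href="https://www.sqlite.org/lang_expr.html" rel="nofollow noreferrer">Sqlite</a> and <a href="https://www.postgresql.org/docs/9.3/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS" rel="nofollow noreferrer">PostgreSQL</a> to see that they conform to it), here is my attempt:</p>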
<pre class="lang-py prettyprint-override"><code>value_list = [ "hello'world", 'foo"bar', """my'name"is""", """see'you"soon""" ]
value_list_escaped = [f"""'{x.replace("'", "''")}'""" for x in value_list]
query_template = "SELECT * FROM myTable as mt WHERE mt.colName IN ({})"
query = query_template.format(", ".join(value_list_escaped))
print(query)
</code></pre>
<p>Is this what you want?</p>
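<p>An added example, not part of the original answer: the same <code>IN (...)</code> query run against SQLite with one bound placeholder per value, next to the quote-doubling approach from the answer, so the two can be compared on the answer's own values. The in-memory table, its rows and the function names are constructed for illustration.</p>

```python
import sqlite3

# Values from the answer above; table and column names follow its query.
VALUE_LIST = ["hello'world", 'foo"bar', """my'name"is""", """see'you"soon"""]


def make_db(rows):
    """Build an in-memory SQLite table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE myTable (colName TEXT)")
    conn.executemany("INSERT INTO myTable (colName) VALUES (?)",
                     [(r,) for r in rows])
    return conn


def select_in_bound(conn, values):
    """IN (...) with one '?' per value; the values never enter the SQL text."""
    if not values:
        # An empty IN () list is not portable SQL, so answer it directly.
        return []
    placeholders = ", ".join("?" for _ in values)
    sql = ("SELECT colName FROM myTable AS mt "
           f"WHERE mt.colName IN ({placeholders}) ORDER BY mt.rowid")
    return [row[0] for row in conn.execute(sql, list(values))]


def select_in_escaped(conn, values):
    """The answer's approach: double each single quote, inline the literal."""
    literals = ", ".join("'" + v.replace("'", "''") + "'" for v in values)
    sql = ("SELECT colName FROM myTable AS mt "
           f"WHERE mt.colName IN ({literals}) ORDER BY mt.rowid")
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = make_db(VALUE_LIST + ["not'listed"])
    print(select_in_bound(db, VALUE_LIST))
    print(select_in_escaped(db, VALUE_LIST))
```

<p>Binding leaves quoting to the driver, so it does not depend on dialect details such as MySQL's default backslash escapes, which quote doubling alone does not cover.</p>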