擅长:python、mysql、java
<p>正确的方法是:</p>
<pre><code>query = """SELECT
name, account_mgr, addr1, addr2, ap_email, bill_to_nbr, billto_only, city, controlling_nbr,
controlling_only, country, cust_contact, email, load_create_date, load_update_date, nbr,
owner, sales_rep, source_system, state, station, zip
FROM
public.customers
WHERE
billto_only = 'Y' OR controlling_only = 'Y'
AND
load_create_date >= %(time_val)s OR load_update_date >= %(time_val)s
"""
queryData = execute_db_query(query, {"time_val": time)
</code></pre>
<p>以上内容确保传入的数据正确引用,并防止SQL注入问题。
我还避免使用变量名,如<code>time</code>。这与Postgres中的<code>time</code>模块以及<code>time</code>类型存在潜在冲突</p>