<p>You can't simply use the variable names inside the query string like this:</p>
<pre><code>cursor.execute("INSERT INTO company(companyname,address,city,pincode,website) VALUES (companyname,companyaddress,companycity,companypostalcode,companywebsite)")
</code></pre>
<p>Instead, pass the variables into the query so that it is parameterized:</p>
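The parameterized form of that INSERT, as an added example that is not part of the original answer: it builds the placeholder list for the driver's DB-API paramstyle (<code>%s</code> for mysql.connector/PyMySQL, <code>?</code> for sqlite3) and runs against an in-memory sqlite3 table so it works offline; the sample row is constructed and deliberately contains a single quote.

```python
import sqlite3

COLUMNS = ("companyname", "address", "city", "pincode", "website")

# Constructed sample row. The name contains a single quote, the character
# that breaks (or lets an attacker rewrite) a hand-built INSERT string.
COMPANY = {
    "companyname": "O'Reilly & Sons",
    "address": "1 Main St",
    "city": "Boston",
    "pincode": "02101",
    "website": "https://example.invalid",
}

def build_insert(columns, paramstyle):
    """Build a parameterized INSERT for the driver's DB-API paramstyle.
    sqlite3 uses 'qmark' (?); mysql.connector and PyMySQL use 'format' (%s)."""
    marker = {"qmark": "?", "format": "%s", "pyformat": "%s"}[paramstyle]
    placeholders = ", ".join(marker for _ in columns)
    return f"INSERT INTO company({', '.join(columns)}) VALUES ({placeholders})"

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE company(companyname, address, city, pincode, website)")
    return conn

def insert_unsafe(conn, row):
    """Values spliced into the SQL text: the quote in the name ends the literal
    early and the statement no longer parses. Returns True only on success."""
    values = ", ".join(f"'{row[c]}'" for c in COLUMNS)
    try:
        conn.execute(f"INSERT INTO company({', '.join(COLUMNS)}) VALUES ({values})")
        return True
    except sqlite3.Error:
        return False

def insert_parameterized(conn, row):
    """Values travel separately from the SQL text; the driver binds them, so the
    quote is stored as data and cannot change the statement."""
    sql = build_insert(COLUMNS, sqlite3.paramstyle)
    conn.execute(sql, tuple(row[c] for c in COLUMNS))
    conn.commit()

def stored_names(conn):
    return [r[0] for r in conn.execute("SELECT companyname FROM company")]

if __name__ == "__main__":
    db = open_db()
    print("unsafe insert ok?", insert_unsafe(db, COMPANY))
    insert_parameterized(db, COMPANY)
    print("stored:", stored_names(db))
```

With a MySQL driver the same call is <code>cursor.execute(build_insert(COLUMNS, "format"), values)</code>; the driver, not string formatting, quotes the values.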