擅长:python、mysql、java
<p>按照@AdamSmith的建议,使用SQL进行操作。问题是<code>condition</code>仍然容易受到SQL注入攻击,因此与eval相比并没有任何优势</p>
<pre><code>import sqlite3
conn = sqlite3.connect(':memory:')
c = conn.cursor()
file1 = [1, 2, 3, 4, 5, 6]
file2 = [2, 4, 6, 8, 10, 3]
c.execute('''CREATE TABLE m (m1, m2)''')
for m1, m2 in zip(file1, file2):
c.execute('''INSERT INTO m VALUES(?, ?)''', (m1, m2))
condition = '''m1 >=3 AND (m1 + m2) >= 11'''
c.execute('''SELECT m1, m2 FROM m WHERE ''' + condition)
for m1, m2 in c.fetchall():
print "m1 = {} and m2 = {} fulfills condition {}".format(m1, m2, condition)
</code></pre>