从excel在Python中组装用户生成的SQL服务器查询时要注意什么？

ParamstoPass=len(ClassCheckMark.columns) L_Cols=list() L_Vals=list() tableName=ClassCheckMark[ClassCheckMark.columns[1]][0] SQL_Query='update ' + tableName + ' set ' for i in range(2, ParamstoPass): L_Cols.append(ClassCheckMark[ClassCheckMark.columns[i]].name) L_Vals.append(ClassCheckMark[ClassCheckMark.columns[i]][0]) for i in range(1, len(L_Cols)): SQL_Query=SQL_Query+'[' + L_Cols[i] +']=' +"'" + str(L_Vals[i]) +"', " SQL_Query=SQL_Query[:-2]+' where ID=' + "'" + str(L_Vals[0]) +"'" cursor.execute(SQL_Query) cnn.commit() cnn.close()

1条回答

网友

1楼 · 发布于 2024-10-02 06:22:42

在构建L_Cols和L_Vals列表之后，我建议根据表元数据验证列名，构造一个参数化SQL命令，然后执行它。例如：

# test data
L_Cols = ['ID', 'FirstName', 'Photo']
L_Vals = [123, 'bob', None]
tablename = "People"

# validate list of column names
valid_column_names = [x.column_name for x in cursor.columns(tablename).fetchall()]
for col_name in L_Cols:
    if col_name not in valid_column_names:
        raise ValueError("[{0}] is not a valid column name for table [{1}]".format(col_name, tablename))
# build SQL command text
SQL_Query = "UPDATE [" + tablename + "] SET "
SQL_Query += ", ".join("[" + x + "]=?" for x in L_Cols[1:])
SQL_Query += " WHERE [" + L_Cols[0] + "]=?"
print(SQL_Query)  # UPDATE [People] SET [FirstName]=?, [Photo]=? WHERE [ID]=?
# move ID value to the end of the list of parameters
params = L_Vals[1:] + L_Vals[0:1]
print(params)  # ['bob', None, 123]

# (edit by OP)
# as in my case, some elements were of unicode markup, which threw
#   ProgrammingError: ('Invalid parameter type.  param-index=0 
#   param-type=numpy.int64', 'HY105'). 
# May need to add params=[str(x) for x in params]

cursor.execute(SQL_Query, params)

相关问题更多 >

编程相关推荐

热门问题

热门文章