<p>As already mentioned in the comments, don't use <code>shell=True</code>. See <a href="https://docs.python.org/3/library/subprocess.html#security-considerations" rel="nofollow noreferrer">https://docs.python.org/3/library/subprocess.html#security-considerations</a>.</p>
<p>Pass the argument list directly to the <code>Popen</code> constructor instead of letting the shell do the splitting.</p>
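<pre><code>import subprocess

# hostname, timestamp, mysql_user, mysql_pw and db come from the surrounding script
with open('dump_{}_{}.sql'.format(hostname, timestamp), 'w') as dump_file:
    # Each list element reaches mysqldump as exactly one argument; no shell parses it
    p = subprocess.Popen(
        [
            'mysqldump', '-h', hostname, '-u', mysql_user,
            '--password={}'.format(mysql_pw), db
        ],
        stdout=dump_file
    )
    p.wait()  # block until the dump has finished
</code></pre>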
<hr/>
<p>The problems with <code>shell=True</code> are explained better in the older version of the documentation: <a href="https://docs.python.org/2/library/subprocess.html#frequently-used-arguments" rel="nofollow noreferrer">https://docs.python.org/2/library/subprocess.html#frequently-used-arguments</a></p>
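<p>An added example, not part of the original answer: it shows what the child process actually receives when the same arguments are passed as a list, as a naively joined <code>shell=True</code> string, and as a <code>shlex.join</code>-quoted string. It assumes a POSIX <code>/bin/sh</code>; the Python child that echoes its argv is a stand-in for <code>mysqldump</code>, and the host, user, password and database values are constructed.</p>

```python
import json
import shlex
import subprocess
import sys

# Stand-in for mysqldump (assumption): a child that prints the argv it received.
ECHO_ARGV = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))"]


def _run(cmd, shell):
    out = subprocess.run(cmd, shell=shell, capture_output=True, text=True)
    return json.loads(out.stdout)


def argv_via_list(args):
    """Argument list goes straight to the child; nothing re-parses it."""
    return _run(ECHO_ARGV + args, shell=False)


def argv_via_shell_string(args):
    """Naive string join, then /bin/sh splits and expands it (shell=True)."""
    prefix = " ".join(shlex.quote(a) for a in ECHO_ARGV)
    return _run(prefix + " " + " ".join(args), shell=True)


def argv_via_quoted_shell_string(args):
    """If a shell cannot be avoided, shlex.join quotes every argument."""
    return _run(shlex.join(ECHO_ARGV + args), shell=True)


# Constructed sample values; the password contains a space and a '$'.
SAMPLE_ARGS = ["-h", "db.example.test", "-u", "backup",
               "--password=correct horse$1", "mydb"]

if __name__ == "__main__":
    print("list:        ", argv_via_list(SAMPLE_ARGS))
    print("shell string:", argv_via_shell_string(SAMPLE_ARGS))
    print("quoted shell:", argv_via_quoted_shell_string(SAMPLE_ARGS))
```

<p>With the joined string the shell splits the password at the space and expands <code>$1</code> to nothing, so the child sees a truncated password plus an extra positional argument; the list form delivers the password intact.</p>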