擅长:python、mysql、java
<p>MySQLdb有一个方法可以帮助您:</p>
<p><strong>文档</strong></p>
<blockquote>
<p>string_literal(...)
string_literal(obj) -- converts object obj into a SQL string literal.
This means, any special SQL characters are escaped, and it is enclosed
within single quotes. In other words, it performs:</p>
<pre><code>"'%s'" % escape_string(str(obj))
Use connection.string_literal(obj), if you use it at all.
_mysql.string_literal(obj) cannot handle character sets.
</code></pre>
</blockquote>
<p><strong>用法</strong></p>
<pre><code># connection: <_mysql.connection open to 'localhost' at 1008b2420>
str_value = connection.string_literal(tuple(provider))
# '(\'provider1\', \'provider2\')'
SQL = "SELECT * FROM table WHERE provider IN %s"
args = (str_value,)
cursor.execute(sql,args)
</code></pre>