0

我正在尝试将网站源保存到我的 MySQL 数据库中。使用 urllib 成功检索源。接下来保存数据。与数据库的连接很好,问题在于源的保存,因为当我从插入语句中删除源时,一切都很好。

    # get the webpage source
    f = urllib.urlopen(row_urls['url'])
    source_fetched = f.read()
    f.close()

    # Save the webpage source
    scrapy_url_id = row_urls['id']
    url = row_urls['url']
    created = datetime.datetime.now()
    source = unicode(source_fetched,'utf-8')

    cur_webpage_save = con.cursor(mdb.cursors.DictCursor)
    cur_webpage_save.execute("""INSERT INTO webpage(scrapy_url_id,url,created,source) VALUES('%s', '%s', '%s', '%s');""" %(scrapy_url_id, url, created, source))

我猜它与需要转义的字符有关,我尝试了这个,但它产生了同样的错误:

    cur_webpage_save.execute(mdb.escape_string("""INSERT INTO webpage(scrapy_url_id,url,created,source) VALUES('%s', '%s', '%s', '%s');""" %(scrapy_url_id, url, created, source)))

下面你会看到错误。我究竟做错了什么...

Traceback (most recent call last):
File "clean.py", line 55, in <module>
cur_webpage_save.execute(mdb.escape_string("""INSERT INTO webpage(scrapy_url_id,url,created,source) VALUES('%s', '%s', '%s', '%s');""" %(scrapy_url_id, url, created, source)))
File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 174, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\'4\\', \\'http://example.com/test.html?id=108185\\', \\'2012-10-28' at line 1")
4

1 回答 1

1

不要使用字符串格式将数据放入数据库,而是使用 SQL 参数:

cur_webpage_save.execute("""INSERT INTO webpage(scrapy_url_id,url,created,source) VALUES(%s, %s, %s, %s);""", (scrapy_url_id, url, created, source))

对于 MySQLdb,语法几乎相同,只需删除单引号即可。

每个%s都被数据库适配器正确引用的字符串值替换。这也可以防止 SQL 注入攻击。

于 2012-10-28T17:30:25.557 回答