
I'm not sure whether my problem is django, sqlite3, some odd interaction with regular-expression syntax, or just me: I have a BAD version of an SQL query that django.model handles correctly:

qryStrBAD = "SELECT idx, cdate, beat FROM app_database where cc  regexp '^%s'" % (cc)
for c in MyModel.objects.raw(qryStrBAD):
    ...

This works. But of course I don't want to allow injection attacks, so I switched it to the recommended parameter-list version of raw():

qryStr = "SELECT idx, cdate, beat FROM app_database where cc regexp '^%s'"
for c in MyModel.objects.raw(qryStr,[cc]):
    ...

But using this throws

DatabaseError at <URL>
Incorrect number of bindings supplied. The current statement uses 0, and there are 1 supplied

Odder still, the traceback seems to show the substitution being done correctly:

** .../app/views.py in plotResults

        for c in MyModel.objects.raw(qryStr,[cc]):

    ...

Local vars

qryStr:     "SELECT idx, cdate, beat FROM app_database where cc regexp '^%s'"
cc:             u'LARCENY_THEFT'

** /Library/Python/2.7/site-packages/django/db/models/query.py in __iter__
<RawQuerySet: u"SELECT idx, cdate, beat FROM app_database where cc regexp '^LARCENY_THEFT'">


** /Library/Python/2.7/site-packages/django/db/models/sql/query.py in _execute_query
<RawQuery: u"SELECT idx, cdate, beat FROM app_database where cc regexp '^LARCENY_THEFT'">

** /Library/Python/2.7/site-packages/django/db/backends/util.py in execute
Local vars

params:     [u'LARCENY_THEFT']
sql:            u"SELECT idx, cdate, beat FROM app_database where cc regexp '^LARCENY_THEFT'"


** /Library/Python/2.7/site-packages/django/db/backends/sqlite3/base.py in execute

                six.reraise(utils.DatabaseError, utils.DatabaseError(*tuple(e.args)), sys.exc_info()[2])

    ...


ProgrammingError('Incorrect number of bindings supplied. The current statement uses 0, and there are 1 supplied.',)
Local vars


params:     [u'LARCENY_THEFT']
query:          u"SELECT idx, cdate, beat FROM app_database where cc regexp '^?'"

** /Library/Python/2.7/site-packages/django/db/backends/sqlite3/base.py in execute
Local vars

params:     [u'LARCENY_THEFT']
query:          u"SELECT idx, cdate, beat FROM app_database where cc regexp '^?'"

Any guesses as to what's going on?


1 Answer


Don't try to combine the ^ in the query string with your parameter.

Instead, build the regex separately, then pass it as the parameter.

# build the anchored pattern in Python, then bind the whole pattern as the parameter
startswith_cc = '^%s' % cc
qryStr = "SELECT idx, cdate, beat FROM app_database where cc regexp %s"
for c in MyModel.objects.raw(qryStr, [startswith_cc]):
    ...
answered 2013-05-16T11:40:33.347
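The failure and the fix can be reproduced without Django, straight against Python's sqlite3 module. The traceback above shows why: Django rewrites the `%s` placeholder to sqlite's `?`, but a `?` sitting inside a quoted literal (`'^?'`) is just a character of the string, so the statement has zero bindings while one parameter was supplied. The example below is added here and is not the answerer's code; it assumes an in-memory database with a constructed `app_database` table, and it registers a Python `REGEXP` function because sqlite3 does not ship one by default. The hypothetical `escape` flag goes slightly beyond the answer: when `cc` comes from user input, `re.escape` stops regex metacharacters in it from widening the match.

```python
import re
import sqlite3


def regexp(pattern, value):
    """REGEXP for sqlite3: Python's sqlite3 module provides no REGEXP operator
    by default, so the SQL `x REGEXP y` call has to be backed by a Python function."""
    return value is not None and re.search(pattern, value) is not None


def make_db():
    """In-memory database with a constructed app_database table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("REGEXP", 2, regexp)
    conn.execute(
        "CREATE TABLE app_database (idx INTEGER, cdate TEXT, beat TEXT, cc TEXT)"
    )
    rows = [  # constructed sample rows
        (1, "2013-05-01", "B1", "LARCENY_THEFT"),
        (2, "2013-05-02", "B2", "LARCENY_THEFT_FROM_VEHICLE"),
        (3, "2013-05-03", "B3", "ASSAULT"),
        (4, "2013-05-04", "B4", "GRAND_LARCENY_THEFT"),
    ]
    conn.executemany("INSERT INTO app_database VALUES (?, ?, ?, ?)", rows)
    return conn


def broken_query(conn, cc):
    """The questioner's pattern: the placeholder sits inside a quoted literal.
    sqlite sees a plain string '^?' with zero bindings and rejects the one
    parameter we pass. Returns the error message, or None if no error occurred."""
    sql = "SELECT idx, cdate, beat FROM app_database WHERE cc REGEXP '^?'"
    try:
        conn.execute(sql, [cc]).fetchall()
        return None
    except sqlite3.ProgrammingError as exc:
        return str(exc)


def fixed_query(conn, cc, escape=True):
    """The answer's approach: anchor the pattern in Python, then bind the whole
    pattern as one parameter. `escape` (hypothetical flag) additionally treats
    cc as literal text instead of regex syntax, which matters for user input."""
    pattern = "^%s" % (re.escape(cc) if escape else cc)
    sql = "SELECT idx, cdate, beat FROM app_database WHERE cc REGEXP ? ORDER BY idx"
    return conn.execute(sql, [pattern]).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("broken:", broken_query(conn, "LARCENY_THEFT"))
    print("fixed: ", fixed_query(conn, "LARCENY_THEFT"))
    print("metachars escaped:  ", fixed_query(conn, "LARCENY.*"))
    print("metachars unescaped:", fixed_query(conn, "LARCENY.*", escape=False))
```

Binding the pattern as a parameter means a stray quote in `cc` can never alter the statement; it simply becomes part of the regex and matches nothing. Whether to `re.escape` depends on whether callers are meant to supply a prefix or a full regex.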