0

我正在使用 pypyodbc 将数据插入数据库,当我使用 cursor.execute() 命令时,我尝试输入 sql 字符串和参数,但出现以下错误:

     从 HP_DATA WHERE 中选择 uid(hpName = ? AND processID = ? AND ipAddress = ? AND port = ? AND usernameTried = ? AND passwordTried = ? AND fileID = ?);
    插入 HP_DATA_LOGIN_DETAIL(uid, attackDate, gmtOffset) VALUES(?, CONVERT(DATETIME, ?, 126), ?);
    2016-04-19T05:40:58.000
    ('22007', '[22007] [Microsoft][ODBC SQL Server Driver][SQL Server]从字符串转换日期和/或时间时转换失败。')

这是我的代码:

    # 将读取的文件信息插入HP_DATA_LOG
                    # 这应该允许我们在未来检查哪些文件是已读/未读
                    print("正在将文件数据插入 HP_DATA_LOG...")
                    log_file_date_read = datetime.datetime.today()
                    log_file_date_added = datetime.datetime.fromtimestamp(os.path.getctime(path)).strftime("%Y-%m-%d %H:%M:%S.%f")
                    file_size = os.path.getsize(路径)
                    #log_sql = "INSERT INTO HP_DATA_LOG(dateRead, dateAdded, fileName, fileSize) VALUES("
                    #log_sql += "'" + str(log_file_date_read) + "', "
                    #log_sql += "'" + str(log_file_date_added) + "', "
                    #log_sql += "'" + 路径 + "', "
                    #log_sql += "" + str(file_size) + ");"
                    log_params = (log_file_date_read, log_file_date_added, file_name, file_size)
                    log_sql = '''INSERT INTO HP_DATA_LOG(dateRead, dateAdded, fileName, fileSize) VALUES(?, ?, ?, ?);'''
                    打印(log_sql)
                    cursor.execute(log_sql, log_params)


                    # 从表中获取自动生成的fileID
                    print("正在获取文件ID...")
                    #get_fileID_sql = "从 HP_DATA_LOG WHERE 中选择文件 ID"
                    #get_fileID_sql += "(dateRead = '" + str(log_file_date_read) + "'"
                    #get_fileID_sql += " AND dateAdded = '" + str(log_file_date_added) + "'"
                    #get_fileID_sql += " AND 文件名 = '" + 路径 + "'"
                    #get_fileID_sql += " AND fileSize = '" + str(file_size) + "');"
                    fileID_params = (log_file_date_read, log_file_date_added, file_name, file_size)
                    get_fileID_sql = '''SELECT fileID FROM HP_DATA_LOG WHERE (dateRead = ? AND dateAdded = ? AND fileName = ? AND fileSize = ?);'''
                    打印(get_fileID_sql)
                    cursor.execute(get_fileID_sql, fileID_params)
                    fileID = cursor.fetchone()

                    # 通过将 HoneyPot 数据插入 HP_DATA 来记录攻击
                    hp_name = re.findall('-\d\d:\d\d\s(.*)\ssshd', 行)
                    pid = re.findall('\ssshd-22\[(\d+)\]', 行)
                    ip_add = re.findall('\sIP:\s(\d+.\d+.\d+.\d+)\s', 行)
                    端口 = re.findall('\s.\d+\sPass(.*)Log\s', 行)
                    如果端口 == “2222”:
                        端口 = '2222'
                    别的:
                        端口 = '22'
                    用户名 = re.findall('\s用户名:\s(.*)\sPas', line)
                    密码 = re.findall('\sPassword:\s(.*)', 行)
                    #sql = "INSERT INTO HP_DATA(hpName, processID, ipAddress, port, usernameTried, passwordTried, fileID) VALUES("
                    #sql += "'" + hp_name[0] + "', "
                    #sql += str(int(pid[0])) + ", "
                    #sql += "'" + ip_add[0] + "', "
                    #sql += str(端口) + ", "
                    #sql += "'" + 用户名[0] + "', "
                    #sql += "'" + 密码[0] + "', "
                    #sql += str(list(fileID)[0]) + ");"
                    sql_params = (hp_name[0], pid[0], ip_add[0], 端口, 用户名[0], 密码[0], fileID[0])
                    sql = '''INSERT INTO HP_DATA(hpName, processID, ipAddress, port, usernameTried, passwordTried, fileID) VALUES(?, ?, ?, ?, ?, ?, ?);'''
                    打印(sql)
                    cursor.execute(sql, sql_params)

                    #
                    #user_sql = r"从 HP_DATA WHERE 中选择 uid("
                    #user_sql += "hpName = '" + hp_name[0] + "' AND "
                    #user_sql += "processID = " + str(int(pid[0])) + " AND "
                    #user_sql += "ipAddress = '" + ip_add[0] + "' AND "
                    #user_sql += "端口 = " + str(端口) + " AND "
                    #user_sql += r"usernameTried = '" + username[0] + "' AND "
                    #user_sql += r"passwordTried = '" + password[0] + "' AND "
                    #user_sql += "fileID = " + str(list(fileID)[0]) + ");"
                    user_sql_params = (hp_name[0], pid[0], ip_add[0], 端口, username[0], password[0], fileID[0])
                    user_sql = '''SELECT uid FROM HP_DATA WHERE( hpName = ? AND processID = ? AND ipAddress = ? AND port = ? AND usernameTried = ? AND passwordTried = ? AND fileID = ?);'''
                    打印(user_sql)
                    cursor.execute(user_sql, user_sql_params)
                    uid = cursor.fetchone()

                    # 插入日期和时间信息以防止重复
                    attack_date = re.findall('(\d{4}-\d\d-\d\d)T', 行)
                    时间戳 = re.findall('T(\d\d:\d\d:\d\d.*).*-.*sshd', 行)
                    攻击日期时间=攻击日期[0]+“T”+时间戳[0]+“.000”
                    gmt_offset = re.findall('\d\d:\d\d:\d\d.*-(\d\d:\d\d)\s', 行)
                    #hp_detail_sql = r"插入 HP_DATA_LOGIN_DETAIL(uid,attackDate,attackTime,gmtOffset)值("
                    #hp_detail_sql += "" + str(uid[0]) + ", "
                    #hp_detail_sql += "'" + attackDate[0] + "', "
                    #hp_detail_sql += "'" + 时间戳[0] + "', "
                    #hp_detail_sql += "'" + gmt_offset[0] + "');"
                    hp_detail_sql_params = (uid[0], attack_datetime[0], gmt_offset[0])
                    hp_detail_sql = '''INSERT INTO HP_DATA_LOGIN_DETAIL(uid, attackDate, gmtOffset) VALUES(?, ?, ?);'''
                    打印(hp_detail_sql)
                    打印(攻击日期时间)
                    cursor.execute(hp_detail_sql,hp_detail_sql_params)
        print("执行的插入语句")
4

1 回答 1

3

在将值传递给 SQL Server之前,使用datetime.strptime()attack_datetime值转换为日期时间对象。

例如,传递日期时间格式的字符串失败,并收到与您收到的相同错误消息

...
# assumes connection and cursor objects initialized
create_date_str = "2016-06-16T01:23:45.67890"
sql = "select name, create_date from sys.databases where create_date = ?"
rows = cursor.execute(sql, create_date_str).fetchall()

加注

回溯(最近一次调用最后一次):文件“”,第 1 行,在 pyodbc.DataError: ('22007', '[22007] [Microsoft][SQL Server Native Client 11.0][SQL Server]Conversion failed when conversion date and/或来自字符串的时间。(241) (SQLExecDirectW)')

将日期时间字符串转换为日期时间对象成功

...
# convert datetime string to object, specifying input format
create_date = datetime.datetime.strptime(create_date_str, '%Y-%m-%dT%H:%M:%S.%f')
rows = cursor.execute(sql, create_date).fetchall()
于 2016-06-16T18:03:59.370 回答