我有一个 python 函数,它使用name属性作为条件删除 mysql 表中的一行:
def delete(table: str, name: str):
cursor.execute(f"DELETE FROM {table} WHERE name = {name}")
conn.commit()
我有一个name属性等于“名称”的行。当我将此函数与“名称”一起使用时,它会删除表中的每一行。
我猜它与传递的字符串与属性相同。但是除了重命名属性之外,该问题的解决方案是什么?
因此,我认为您缺少名称周围的引号以及分号。
如需进一步阅读,您还应该查看Python parameterized query and Prepared Statement
我同意这些评论,出于安全原因,该表不应该是一个注入参数!
def delete(table: str, name: str):
query = f"DELETE FROM {table} WHERE name = ?"
print(query)
cursor.execute(query, (name,))
conn.commit()`
编辑完整的工作示例:
import sqlite3
conn = sqlite3.connect("test")
query_create = '''CREATE TABLE IF NOT EXISTS projects (
id integer PRIMARY KEY,
name text NOT NULL,
begin_date text,
end_date text
);'''
conn.execute(query_create)
query_insert = '''insert into projects (id, name, begin_date, end_date) values (1,"name","date","date")'''
conn.execute(query_insert)
query_select = '''select * from projects'''
cur = conn.execute(query_select)
print(cur.fetchall())
def delete(table: str, name: str):
query = f"DELETE FROM {table} WHERE name = ?"
print(query)
conn.execute(query, (name,))
delete('projects', 'name')
cur = conn.execute(query_select)
print(cur.fetchall())
给出输出:
[(1, 'name', 'date', 'date')]
DELETE FROM projects WHERE name = ?
[]