这是一个非常基本的问题,我知道此代码存在安全问题,应该使用参数化条目以及其他问题 - 这是一项正在进行的工作。我正在尝试为项目设置构建用户注册模块。我已经设置了一个表,第一列用作具有主键约束的ID但是当我运行代码时,我得到以下错误并且不确定原因 - (如果它与p_ID列有关):
Traceback (most recent call last):
File "user.py", line 72, in <module>
userSignUp()
File "user.py", line 68, in userSignUp
c.execute("INSERT INTO People VALUES(userName, password, confirmPassword, firstName,lastName, companyName, email, phoneNumber,addressLine1, addressLine2, addressLine3, zipCode, province, country, regDate)")
sqlite3.OperationalError: no such column: userName
代码是:
import sqlite3
import datetime
path = "/Users/workhorse/thinkful/"
db = "apartment.db"
def checkAndCreateDB():
#not checking for some reason
#fullPath = os.path.join(path, db)
#if os.path.exists(fullPath):
# print "Database Exists"
#else:
connection = sqlite3.connect(db)
print "Creating database"
createUserRegTable()
def createUserRegTable():
with sqlite3.connect(db) as connection:
c = connection.cursor()
c.execute("""CREATE TABLE People
(p_ID INTEGER PRIMARY KEY AUTOINCREMENT,
userName TEXT NOT NULL UNIQUE,
password TEXT NOT NULL,
confirmPassword TEXT NOT NULL,
firstName TEXT NOT NULL,
lastName TEXT NOT NULL,
companyName TEXT NOT NULL,
email TEXT NOT NULL UNIQUE,
phoneNumber TEXT NOT NULL,
addressLine1 TEXT NOT NULL,
addressLine2 TEXT,
addressLine3 TEXT,
zipCode TEXT NOT NULL,
province TEXT NOT NULL,
country TEXT NOT NULL,
regDate DATE NOT NULL)
""")
print "table made"
def userSignIn():
pass
def userSignUp():
userName = raw_input("Enter a user name: ")
password = raw_input("Enter a password: ")
confirmPassword = raw_input("Confirm Your Password: ")
firstName = raw_input("Enter your first name: ")
lastName = raw_input("Enter your last name: ")
companyName = raw_input("Enter your company name: ")
email = raw_input("Enter your email: ")
phoneNumber = raw_input("Enter your phone number: ")
addressLine1 = raw_input("Enter your address: ")
addressLine2 = raw_input("Enter second line of your address (Not Required): ")
addressLine3 = raw_input("Enter third line of your address (Not Required): ")
zipCode = raw_input("Enter your zip code: ")
province = raw_input("Enter your state or province: ")
country = raw_input("Enter your country: ")
regDate = datetime.date.today()
print regDate
#userInfo = (userName, password, confirmPassword, firstName,lastName, companyName, email, phoneNumber,addressLine1,
#addressLine2, addressLine3, zipCode, province, country, regDate)
with sqlite3.connect(db) as connection:
c = connection.cursor()
c.execute("INSERT INTO People VALUES(userName, password, confirmPassword, firstName,lastName, companyName, email, phoneNumber,addressLine1, addressLine2, addressLine3, zipCode, province, country, regDate)")
checkAndCreateDB()
userSignUp()
非常感谢
答案 0 :(得分:16)
如果要将Python值插入SQL数据库,只需在SQL语句中命名Python变量就不够。相反,SQL数据库认为您希望插入从表或其他查询中获取的值。
改为使用SQL parameters,并传入实际值:
params = (userName, password, confirmPassword, firstName, lastName,
companyName, email, phoneNumber, addressLine1, addressLine2,
addressLine3, zipCode, province, country, regDate)
c.execute("INSERT INTO People VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", params)
NULL
值适用于p_ID
主键列;另一种方法是命名要为其插入值的所有列。
答案 1 :(得分:1)
Martijn的回答非常好,但如果您知道某个值将为NULL,则有效。但是如果任何变量都可以为NULL,我使用了稍微不同的实现。
将任何变量设置为无。如果您浏览数据库,则该值将为null,并且它将在您的python控制台中显示为None,因为它们是等效的。
请参阅文档(https://docs.python.org/2/library/sqlite3.html)中的第11.13.5.1节:
Python类型无= SQLite类型为NULL
答案 2 :(得分:0)
实际上这是一个小错误, 您必须像这样编辑它:
c.execute("INSERT INTO People VALUES('userName', 'password', 'confirmPassword', 'firstName','lastName', 'companyName', 'email', phoneNumber,'addressLine1', 'addressLine2', 'addressLine3', zipCode, 'province', 'country', 'regDate')")
希望你能理解
答案 3 :(得分:-1)
因为我在 db.sqlite3 中没有任何重要数据。
我通过删除 db.sqlite3 并运行以下命令来修复我的问题。
python manage.py migrate