What is the correct syntax for using parameters passed in through a Bottle route inside a SQL statement? (A large amount of code has been omitted for clarity; apart from that, everything works.)
from bottle import route
import MySQLdb

@route('/sqldynamic/<foo>/<bar>')
def sqlDyanmic(foo, bar):
    # foo and bar arrive from the URL as strings
    db = MySQLdb.connect("127.0.0.1", "username", "password", "database")
    cursor = db.cursor()
    # As written, "foo" and "bar" are literal text in the SQL, not the route values
    cursor.execute("SELECT this, that WHERE this > foo AND that like '%bar%';")
    data = cursor.fetchall()
    return str(data)
Answer 0 (score: 1)
Since you are using MySQL:

# Values are passed separately from the SQL text; the driver handles quoting.
# The LIKE wildcards go into the parameter value, not into the SQL string.
cursor.execute("SELECT this, that WHERE this > %s AND that like %s;", (foo, "%" + bar + "%"))

(This has nothing to do with Bottle.)
(Also, if you care about SQL injection, you should add some validation.)
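The following is an added example, not code from the question or the answer, showing the string-formatted query from the question beside its parameterized form and the LIKE caveat the answer's "%s" version still leaves open: a user-supplied "%" or "_" is a wildcard unless escaped. It uses the standard-library sqlite3 module as a stand-in for MySQLdb (sqlite3 uses "?" placeholders where MySQLdb uses "%s"); the table and rows are constructed here.

```python
import sqlite3

# Constructed sample data standing in for the "this"/"that" columns in the question.
ROWS = [(5, "alpha"), (20, "beta_1"), (30, "50% off"), (40, "gamma"), (50, "o'neil")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (this INTEGER, that TEXT)")
    conn.executemany("INSERT INTO t VALUES (?, ?)", ROWS)
    return conn


def like_pattern(term):
    # Escape LIKE metacharacters so a user-supplied "%" or "_" matches literally,
    # then wrap in wildcards for a substring search. Pairs with ESCAPE '\' below.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return "%" + escaped + "%"


def query_unsafe(conn, foo, bar):
    # The pattern from the question: route values pasted into the SQL text.
    sql = "SELECT this, that FROM t WHERE this > %s AND that LIKE '%%%s%%'" % (foo, bar)
    return conn.execute(sql).fetchall()


def unsafe_raises(conn, foo, bar):
    # True when the pasted value breaks the SQL syntax (e.g. contains a quote).
    try:
        query_unsafe(conn, foo, bar)
    except sqlite3.Error:
        return True
    return False


def query_safe(conn, foo, bar):
    # Values travel separately from the SQL text, as in the answer; int() is the
    # "validation" the answer mentions, since route parameters are strings.
    sql = "SELECT this, that FROM t WHERE this > ? AND that LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (int(foo), like_pattern(bar))).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(query_safe(conn, "10", "beta"))   # substring match, as intended
    print(query_safe(conn, "0", "%"))       # "%" matched literally: only "50% off"
    print(query_unsafe(conn, "0", "%"))     # "%" acts as a wildcard: every row
    print(unsafe_raises(conn, "0", "'"))    # a quote breaks the pasted SQL
```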