TypeError: 'str' object is not callable in Python

Time: 2015-05-17 08:59:45

Tags: python mysql database

import MySQLdb
from datetime import datetime

ID_RFID=raw_input("Masukkan nomor: ")
time=datetime.now().strftime('%H:%M:%S')
print time

db=MySQLdb.connect(host="localhost", user="root", passwd="", db="rfid")
cursor=db.cursor()

cursor.execute("SELECT ID_Pegawai, Nama_Pegawai, Jabatan FROM data_pegawai WHERE ID_RFID='%s'" %(ID_RFID))
data=cursor.fetchall()
for row in data:
    ID_Pegawai=str(row[0])
    Nama_Pegawai=str(row[1])
    Jabatan=str(row[2])

    strID_Pegawai=''.join(ID_Pegawai)
    strNama_Pegawai=''.join(Nama_Pegawai)

    print "ID Pegawai= " +ID_Pegawai
    print "Nama Pegawai= " +Nama_Pegawai
    print "Jabatan= " +Jabatan

    if time>'08:00:00':
        telat="INSERT INTO  presensi (ID_Pegawai, Nama_Pegawai, Jam_Masuk, Status) VALUES (%s, %s, %s, 'Terlambat')" (strID_Pegawai, strNama_Pegawai, time)
        cur.execute(telat)
        print ("Status Anda= Anda Datang Terlambat")
    else:
        telat="INSERT INTO  presensi (ID_Pegawai, Nama_Pegawai, Jam_Masuk, Status) VALUES (%s, %s, %s, 'On Time')" (strID_Pegawai, strNama_Pegawai, time)
        cur.execute(telat)
        print ("Status Anda= Anda Datang Tepat Waktu")

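I have Python code like the above. When I run it, I get an error: TypeError: 'str' object is not callable. Could you help me solve this error? I would appreciate it. :') Thank you, and please forgive my bad English.

1 answer:

Answer 0: (score: 3)

You have two places where you incorrectly try to format the SQL string: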

telat="INSERT INTO  presensi (ID_Pegawai, Nama_Pegawai, Jam_Masuk, Status) VALUES (%s, %s, %s, 'Terlambat')" (strID_Pegawai, strNama_Pegawai, time)
cur.execute(telat)

telat="INSERT INTO  presensi (ID_Pegawai, Nama_Pegawai, Jam_Masuk, Status) VALUES (%s, %s, %s, 'On Time')" (strID_Pegawai, strNama_Pegawai, time)
cur.execute(telat)

You are incorrectly trying to format the SQL string:

>>> s = "%s %s %s" ("foo", "bar", "baz")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: 'str' object is not callable

You probably meant:

>>> s = "%s %s %s" % ("foo", "bar", "baz")
>>> s
'foo bar baz'

However, to help prevent SQL injection attacks against your application, you should do this instead:

# MySQLdb uses %s placeholders (not ?) and takes the values as a single tuple
telat="INSERT INTO  presensi (ID_Pegawai, Nama_Pegawai, Jam_Masuk, Status) VALUES (%s, %s, %s, 'On Time')"
cursor.execute(telat, (strID_Pegawai, strNama_Pegawai, time))

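See: Bobby Tables: A guide to preventing SQL Injection, and the related SO question Protecting against SQL injection in python

Although the community has downvoted this question and voted to close it, I feel it is necessary to provide an answer like this to help protect Python web applications against a common attack vector that stems from poor safeguarding.

Do not use the "INSERT|SELECT|UPDATE|DELETE ... %s %s %s" % (...) form!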
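The attendance flow from the question, with string formatting next to bound parameters, as an added example that is not part of the original question or answer. It assumes Python 3 and uses an in-memory sqlite3 database in place of the MySQL server so it runs offline; the sample row, `make_db`, `record_unsafe` and `record_attendance` are constructed for illustration.

```python
import sqlite3
from datetime import datetime

# sqlite3 uses "?" placeholders; MySQLdb uses "%s". Both take the values as a
# separate tuple: execute(sql, params). The driver never splices them into SQL.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE data_pegawai (ID_RFID TEXT, ID_Pegawai TEXT, "
               "Nama_Pegawai TEXT, Jabatan TEXT)")
    db.execute("CREATE TABLE presensi (ID_Pegawai TEXT, Nama_Pegawai TEXT, "
               "Jam_Masuk TEXT, Status TEXT)")
    # Constructed sample row; the name contains an apostrophe on purpose.
    db.execute("INSERT INTO data_pegawai VALUES (?, ?, ?, ?)",
               ("0001", "P01", "Sa'id", "Staff"))
    return db

def record_unsafe(db, id_pegawai, nama, jam):
    # The "... %s ..." % (...) form: values are pasted into the SQL text,
    # so a quote inside the data becomes part of the statement's syntax.
    sql = ("INSERT INTO presensi (ID_Pegawai, Nama_Pegawai, Jam_Masuk, Status) "
           "VALUES ('%s', '%s', '%s', 'On Time')" % (id_pegawai, nama, jam))
    db.execute(sql)

def record_attendance(db, id_rfid, now=None):
    # Bound parameters for both the lookup and the insert.
    jam = (now or datetime.now()).strftime("%H:%M:%S")
    row = db.execute("SELECT ID_Pegawai, Nama_Pegawai FROM data_pegawai "
                     "WHERE ID_RFID = ?", (id_rfid,)).fetchone()
    if row is None:
        return None  # unknown tag: nothing is written
    status = "Terlambat" if jam > "08:00:00" else "On Time"
    db.execute("INSERT INTO presensi (ID_Pegawai, Nama_Pegawai, Jam_Masuk, Status) "
               "VALUES (?, ?, ?, ?)", (row[0], row[1], jam, status))
    db.commit()
    return status

if __name__ == "__main__":
    db = make_db()
    try:
        record_unsafe(db, "P01", "Sa'id", "07:55:00")
    except sqlite3.OperationalError as exc:
        print("formatted query broke:", exc)
    print(record_attendance(db, "0001", datetime(2015, 5, 17, 7, 55, 0)))
    print(db.execute("SELECT * FROM presensi").fetchall())
```

With MySQLdb the same functions apply after replacing each `?` with `%s`; the parameters are still passed as a tuple and never joined to the string with the `%` operator.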