python mysqldb如何正确地转义url

时间:2015-05-27 14:59:58

标签: python mysql

我试图正确地转义网址以进入mysql连接,但显然我做错了:

>>> import MySQLdb
>>> db = MySQLdb.connect(host="localhost",user="...",passwd="...",db="...")
>>> cur = db.cursor()
>>> cmd = "insert into S3_data (url) VALUES ('http://google.com')"
>>> cur.execute(cmd)
1
>>> cur.execute(MySQLdb.escape_string(cmd))
Traceback (most recent call last):
  File "<pyshell#49>", line 1, in <module>
    cur.execute(MySQLdb.escape_string(cmd))
  File "C:\Python34\lib\site-packages\MySQLdb\cursors.py", line 220, in execute
    self.errorhandler(self, exc, value)
  File "C:\Python34\lib\site-packages\MySQLdb\connections.py", line 36, in defaulterrorhandler
    raise errorvalue
  File "C:\Python34\lib\site-packages\MySQLdb\cursors.py", line 209, in execute
    r = self._query(query)
  File "C:\Python34\lib\site-packages\MySQLdb\cursors.py", line 371, in _query
    rowcount = self._do_query(q)
  File "C:\Python34\lib\site-packages\MySQLdb\cursors.py", line 335, in _do_query
    db.query(q)
  File "C:\Python34\lib\site-packages\MySQLdb\connections.py", line 280, in query
    _mysql.connection.query(self, query)
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\'http://google.com\\')' at line 1")

正如您所看到的,该命令工作正常,但转义失败。我在这里缺少什么?

此外,转义字符串是否处理多字节编码?

由于

1 个答案:

答案 0 :(得分:0)

我相信如果你使用参数,你应该没有问题。

cmd = "INSERT INTO S3_data (url) VALUES (%s)"
args = 'http://google.com'
cur.execute(cmd, args)