Python到MySQLdb不会传递变量我认为我已尝试过所有内容

时间:2015-12-27 22:27:22

标签: python mysql

我正在尝试将一些电视信息存储在MySQLdb中。我已经尝试了所有的东西,我无法将变量发布。变量中有信息,因为我能够打印信息。

我的代码:

import pytvmaze
import MySQLdb

AddShow = pytvmaze.get_show(show_name='dexter')
MazeID = AddShow.maze_id
ShowName = "Show" + str(MazeID)


show = pytvmaze.get_show(MazeID, embed='episodes')
db = MySQLdb.connect("localhost","root","XXXXXXX","TVshows" )
cursor = db.cursor()

for episode in show.episodes:
   Show = show.name
   ShowStatus = show.status
   ShowSummary = show.summary
   Updated = show.updated
   Season = episode.season_number
   Episode = episode.episode_number
   Title = episode.title
   AirDate = episode.airdate
   ShowUpdate = show.updated
   EpisodeSummary = episode.summary
   try:
      sql =  "INSERT INTO " + ShowName  +  " VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)""" (Show,ShowStatus,ShowSummary,Updated,Season,Episode,Title,AirDate,ShowUpdate,EpisodeSummary)
      cursor.execute(sql)
      db.commit()
   except:     
      db.rollback()
db.close()

有什么想法?提前谢谢。

编辑 - 工作代码 

import pytvmaze
import MySQLdb

AddShow = pytvmaze.get_show(show_name='dexter')
MazeID = AddShow.maze_id
ShowNameandID = "Show" + str(MazeID)

show = pytvmaze.get_show(MazeID, embed='episodes')
db = MySQLdb.connect("localhost","root","letmein","TVshows" )
cursor = db.cursor()

for episode in show.episodes:
   ShowName = show.name
   ShowStatus = show.status
   ShowSummary = show.summary
   Updated = show.updated
   Season = episode.season_number
   Episode = episode.episode_number
   Title = episode.title
   AirDate = episode.airdate
   ShowUpdate = show.updated
   EpisodeSummary = episode.summary    
   sql = "INSERT INTO " + ShowNameandID  +  """ VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"""
   cursor.execute(sql, (ShowName, ShowStatus, ShowSummary, Updated, Season, Episode, Title, AirDate, ShowUpdate, EpisodeSummary))
   db.commit()
   print sql ##Great for debugging
db.close()

1 个答案:

答案 0 :(得分:0)

首先,您通过裸try/expect捕获所有异常,然后静默回滚,实际上让自己变得更加困难。暂时删除try/except并查看真正的错误,或在except块中记录异常。我敢打赌,错误与查询中的语法错误有关,因为您会错过列值周围的引号。

无论如何,可以说你遇到的最大问题是如何将变量传递给查询。目前,您正在使用字符串格式,由于SQL injection attack危险和类型转换问题,强烈建议不要这样做。 Parameterize your query

sql = """
INSERT INTO 
    {show}
VALUES 
    (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
""".format(show=Show)
cursor.execute(sql, (ShowStatus, ShowSummary, Updated, Season, Episode, Title, AirDate, ShowUpdate, EpisodeSummary))

请注意,无法参数化表名称(在您的情况下为Show) - 我们正在使用字符串格式 - 请确保您信任您的源,或通过{{1}手动转义它},或使用单独的自定义代码验证它。

相关问题
最新问题