我正在使用PyMySQL和Python。
sql = "INSERT INTO accounts(date_string, d_day, d_month, d_year, trans_type, descriptor, inputs, outputs, balance, owner) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', AES_ENCRYPT('%s', 'example_key_str')"
cur.execute(sql % (date, d_day, d_month, d_year, ttype, desc, money_in, money_out, bal, owner))
这会引发模糊的语法错误,我不知道如何修复它。评估的查询是:
INSERT INTO accounts(date_string, d_day, d_month, d_year, trans_type, descriptor, inputs, outputs, balance, owner) VALUES ('12 Feb 2012', '12', 'Feb', '2012', 'CHQ', 'CHQ 54', '7143.78', '0.00', '10853.96', AES_ENCRYPT('test@example.com', 'example_key_str')
MySQL错误是:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
非常感谢任何帮助。提前谢谢。
答案 0 :(得分:2)
没有右括号:
INSERT INTO
accounts
(date_string, d_day, d_month, d_year,
trans_type, descriptor, inputs, outputs, balance,
owner)
VALUES
('12 Feb 2012', '12', 'Feb', '2012',
'CHQ', 'CHQ 54', '7143.78', '0.00', '10853.96',
AES_ENCRYPT('test@example.com', 'example_key_str'))
HERE^
作为旁注,请勿使用字符串格式将查询参数插入查询中 - 有一种更安全,更方便的方法 - 参数化查询:
sql = """
INSERT INTO
accounts
(date_string, d_day, d_month, d_year,
trans_type, descriptor, inputs, outputs, balance,
owner)
VALUES
(%s, %s, %s, %s,
%s, %s, %s, %s, %s,
AES_ENCRYPT(%s, 'example_key_str'))"""
cur.execute(sql, (date, d_day, d_month, d_year, ttype, desc, money_in, money_out, bal, owner))