我试图将完整的文章插入MySQL数据库,但它没有工作..
我想我有一个编码问题,因为当我打印时,它开始了
使用'[u' ..我尝试了一些代码,但它没有用。内容/文章可能包含,和",导致sql文本搞砸了
这是我的代码,它引发错误输入..
k1 = str(mmhtml)
for filde in cur.fetchall():
faliase = filde[0]
fpattern = filde[1]
furutan = filde[2]
fopsi = filde[3]
freplacer = filde[4]
k1 = re.sub(fpattern , freplacer, k1)
k2 = k1.encode('ascii')
Item['konten'] = k2.strip()
sqlinsert = "INSERT IGNORE INTO tb_hasil(title, \
datee, content, author, ling) \
VALUES ('%s', '%s', '%s', '%s', '%s' )" % \
(jdl, tgl, k2.strip() , sauto,str(response.url))
try:
cur.execute(sqlinsert)
except:
print "error input"
提前致谢
答案 0 :(得分:0)
您使用哪个库?
据我所知,大多数库都实现了DB-API公共。因此,您可以通过参数化发送数据,从而阻止sql注入。
我在python中使用了ourql,语法为:
<datatables:table id="studentMeetingtbl" url="getStudentMeetingList" serverSide="true" processing="true"
row="studentMeeting" rowIdBase="id" rowIdPrefix="studentMeeting_"
displayLength="5" lengthMenu="2,5,10,15,25,50,100" jqueryUI="true"
filterable="true" sortable="true"
autoWidth="true" pageable="true"
paginationType="full_numbers"
stateSave="true" >
<datatables:column title="Id" property="id" filterable="false" sortable="false" searchable="false" visible="false" />
<datatables:column title="Actions" renderFunction="actions" filterable="false" sortable="false" searchable="false" display="HTML" />
<datatables:column title="Id" property="id" />
<datatables:column title="Group Name" property="group.groupName" />
<datatables:column title="Project Name" property="group.projectName" />
<datatables:column title="Meeting Date" property="meetingDate" renderFunction="ParseDateColumn"/>
<datatables:column title="Next Review/Meeting Date" property="nextReviewDate" renderFunction="ParseDateColumn"/>
<datatables:column title="Remarks" property="remakrs" />
</datatables:table>
所以你用?替换值并传递元组中的参数
if (response.success == true) {
// no extra code
// url where you want to redirect
location.href = "<?php echo base_url('class/function'); ?>";
}