当我尝试从我的视图中调用一个运行原始SQL查询的方法时,我得到一个操作错误,但是当我在firefox上使用sqlite manager检查数据库时,它显示我有一个具有正确值的列
//钱包模型
class Wallet(models.Model):
username = models.CharField(max_length=15,default='')
amount = models.IntegerField(validators=[validate_not_neg], default=0)
def add_money(self, money):
self.amount = self.amount + int(money)
cursor = connection.cursor()
cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s' %(self.amount, self.username))
def subtract_money(self, money):
if int(money) > self.amount:
raise ValidationError(
('%s greater than amount in wallet can not process.' % money),
params={'value': money}
)
else:
self.amount -= int(money)
cursor = connection.cursor()
cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s' % (self.amount, self.username))
def __str__(self):
return self.username
class Meta:
permissions = (('add_money', 'can deposit money'), ('subtract_money', 'can take withdraw money'))
// add_money view
def add_money(request):
print ("Request %s %s" % (request,type(request)))
if request.user:
if request.POST and request.POST.get('amount'):
username = request.user.username
add_amount = request.POST.get('amount')
wallet = Wallet.objects.filter(username=username)
wallet = wallet.get(pk=request.user.userprofile.wallet_id_id)
print(wallet.username)
wallet.add_money(add_amount)
wallet.save()
now = datetime.now()
trans = Transaction(from_name=username, wallet_id=wallet.id, date=now, amount=add_amount)
trans.save()
print ("Request s %s" % request)
return render(request, 'user_profile.html', {'user': request.user})
else:
print ("Request j %s" % request)
return render(request, 'add_money.html')
else:
print ("Request rf %s" % request)
return HttpResponseRedirect('/login/?next={}'.format('/add_money/'))
回溯:
File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
132. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/Users/ravinkohli/PycharmProjects/untitled1/wallet/views.py" in add_money
22. wallet.add_money(add_amount)
File "/Users/ravinkohli/PycharmProjects/untitled1/wallet/models.py" in add_money
24. cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s' %(self.amount, self.username))
File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/utils.py" in execute
79. return super(CursorDebugWrapper, self).execute(sql, params)
File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/utils.py" in execute
64. return self.cursor.execute(sql, params)
File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/utils.py" in __exit__
98. six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/utils.py" in execute
62. return self.cursor.execute(sql)
File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py" in execute
316. return Database.Cursor.execute(self, query)
Exception Type: OperationalError at /add_money/
Exception Value: no such column: ravin
答案 0 :(得分:2)
cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s' , (self.amount, self.username))
请注意%更改为的方式,这会使用参数绑定,并在SQL injection范围内保护您。{/ p>
不要在这里使用原始SQL。
def add_money(self, money):
self.amount = self.amount + int(money)
self.save()
真的,没有必要。只需调用save()。为了使它更紧凑,你根本不需要add_money方法!请参阅我在上一个问题中提到的F表达方法。