SQL更新查询django中没有这样的列

Question

当我尝试从我的视图中调用一个运行原始SQL查询的方法时，我得到一个操作错误，但是当我在firefox上使用sqlite manager检查数据库时，它显示我有一个具有正确值的列

//钱包模型

class Wallet(models.Model):
    username = models.CharField(max_length=15,default='')
    amount = models.IntegerField(validators=[validate_not_neg], default=0)

    def add_money(self, money):
        self.amount = self.amount + int(money)
        cursor = connection.cursor()
        cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s' %(self.amount, self.username))

    def subtract_money(self, money):
        if int(money) > self.amount:
            raise ValidationError(
                ('%s greater than amount in wallet can not process.' % money),
                params={'value': money}
            )
        else:
            self.amount -= int(money)
        cursor = connection.cursor()
        cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s' % (self.amount, self.username))

    def __str__(self):
        return self.username

    class Meta:
        permissions = (('add_money', 'can deposit money'), ('subtract_money', 'can take withdraw money'))

// add_money view

def add_money(request):
    print ("Request %s %s" % (request,type(request)))
    if request.user:
        if request.POST and request.POST.get('amount'):
            username = request.user.username
            add_amount = request.POST.get('amount')
            wallet = Wallet.objects.filter(username=username)
            wallet = wallet.get(pk=request.user.userprofile.wallet_id_id)
            print(wallet.username)
            wallet.add_money(add_amount)
            wallet.save()
            now = datetime.now()
            trans = Transaction(from_name=username, wallet_id=wallet.id, date=now, amount=add_amount)
            trans.save()
            print ("Request s %s" % request)
            return render(request, 'user_profile.html', {'user': request.user})
        else:
            print ("Request  j %s" % request)
            return render(request, 'add_money.html')
    else:
        print ("Request rf %s" % request)
        return HttpResponseRedirect('/login/?next={}'.format('/add_money/'))

回溯：

File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
      132.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
    File "/Users/ravinkohli/PycharmProjects/untitled1/wallet/views.py" in add_money
      22.             wallet.add_money(add_amount)
    File "/Users/ravinkohli/PycharmProjects/untitled1/wallet/models.py" in add_money
      24.         cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s' %(self.amount, self.username))
    File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/utils.py" in execute
      79.             return super(CursorDebugWrapper, self).execute(sql, params)
    File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/utils.py" in execute
      64.                 return self.cursor.execute(sql, params)
    File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/utils.py" in __exit__
      98.                 six.reraise(dj_exc_type, dj_exc_value, traceback)
    File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/utils.py" in execute
      62.                 return self.cursor.execute(sql)
    File "/Users/ravinkohli/env_app_pw/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py" in execute
      316.             return Database.Cursor.execute(self, query)

    Exception Type: OperationalError at /add_money/
    Exception Value: no such column: ravin

Answer 1

解决此特定问题

 cursor.execute('UPDATE wallet_wallet SET amount= %s WHERE username=%s'  ,  (self.amount, self.username))

请注意％更改为的方式，这会使用参数绑定，并在SQL injection范围内保护您。{/ p>

真正的解决方案。

不要在这里使用原始SQL。

  def add_money(self, money):
        self.amount = self.amount + int(money)
        self.save()

真的，没有必要。只需调用save（）。为了使它更紧凑，你根本不需要add_money方法！请参阅我在上一个问题中提到的F​​表达方法。