我试图在我的表格中插入一行。我一直在关注这里的文档:https://docs.python.org/2/library/sqlite3.html我收到错误:sqlite3.OperationalError:没有这样的列:asd。 asd是我为奖学金名称输入的值。继承我的代码:
conn = sqlite3.connect('pathfinder.db')
c = conn.cursor()
c.execute("INSERT INTO %s VALUES (%s, %s, %s, %s, %s, %s, %s)" % (table, request.form['scholarship_name'],request.form['scholarship_gpa'],request.form['scholarship_amount'], "Male",request.form['specific_essay'], "[]","[]"))
答案 0 :(得分:2)
考虑在您所关注的链接中建议的参数化:
# Never do this -- insecure!
symbol = 'RHAT'
c.execute("SELECT * FROM stocks WHERE symbol = '%s'" % symbol)
字符串插值SQL语句尤其是来自flask请求的用户输入可能对您的数据库造成危险。因此,请考虑使用execute的第二个参数,它将值与占位符?绑定在预准备语句中。
# PREPARED STATEMENT
sql = "INSERT INTO {} VALUES (?, ?, ?, ?, ?, ?, ?)".format(table)
# QUERY EXECUTION
c.execute(sql, (request.form['scholarship_name'],
request.form['scholarship_gpa'],
request.form['scholarship_amount'],
"Male",
request.form['specific_essay'],
"[]",
"[]")
)