我被困住了。我一直在尝试将pdf文件插入到MySQL数据库中,但我做不到。我已经尝试使用mysql.connector和MySQLdb类。我得到几乎相同的错误。我已经阅读了许多有关此问题的文章。我试过逗号,变量也。这是我的代码和错误;
import mysql.connector
db = mysql.connector.connect(host="127.0.0.1", user='root', password='masatablo', db='yukleme')
c = db.cursor()
acilacak_dosya = open("bizim.PDF", "rb")
yuklenecek_dosya = acilacak_dosya.read()
c.execute ("INSERT INTO pdfler (cizim) VALUES(%s)" %(yuklenecek_dosya))
db.commit()
db.close()
ERROR with mysql.connector:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'b'%PDF-1.4\r%\xe2\xe3\xcf\xd3\r\n4 0 obj\r<</Linearized 1/L 83892/O 6/E 79669/N ' at line 1
ERROR with MySQLdb:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'b'%PDF-1.4\\r%\\xe2\\xe3\\xcf\\xd3\\r\\n4 0 obj\\r<</Linearized 1/L 83892/O 6/E 79669/N ' at line 1")
答案 0 :(得分:2)
您需要使用参数,而不是字符串插值。
使用SQL进行字符串插值仍然很容易受到SQL注入攻击。
c.execute("INSERT INTO pdfler (cizim) VALUES (%s)", (yuklenecek_dosya,))