在LOAD_DATA_INFILE中使用外部变量

时间:2018-11-15 09:22:54

标签: python csv

我有这个表结构:

date_sourced
sha1
vsdt
trendx
notes

还有我的csv结构:sha1,vsdt,trendx,notes

如何将变量值插入date_sourced中? 我尝试过:

var  = "2018-1-10"
query = "LOAD DATA INFILE %s INTO TABLE jeremy_table_test FIELDS TERMINATED BY ',' LINES TERMINATED BY '\r\n' IGNORE 1 LINES (%s,sha1, @var1, trendx,notes) SET vsdt = TRIM(TRAILING ')' FROM TRIM(LEADING '(' FROM @var1))"
cursor.execute(query, (path,var))

但给我错误:

ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''2018-1-10',sha1, @var1, trendx,notes) SET vsdt = TRIM(TRAILING ')' FROM TRIM(LE' at line 1

LOAD_DATA_INFILE是否接受外部变量?例如,我有这两个变量

import csv
import mysql.connector

path = 'C:\\Users\\trendMICRO\\Desktop\\OJT\\updated_test.csv'

print "CSV importing to database"


mydb = mysql.connector.connect(user='root', password='',
                            host='localhost',
                            database='jeremy_db')
cursor = mydb.cursor()
var  = "apple"
query = "LOAD DATA INFILE %s INTO TABLE jeremy_table_test FIELDS TERMINATED BY ',' LINES TERMINATED BY '\r\n' IGNORE 1 LINES (%s, @var1, person) SET vsdt = TRIM(TRAILING ')' FROM TRIM(LEADING '(' FROM @var1))"
cursor.execute(query, (path))
mydb.commit()

如何通过将'path/to/rb'替换为变量path和变量fruit设置的var = "apple"的值来在查询中应用它?

LOAD DATA INFILE 'path/to/rb' INTO TABLE jeremy_table_test FIELDS TERMINATED BY ',' LINES TERMINATED BY '\r\n' IGNORE 1 LINES (fruit, @var1, person) SET vsdt = TRIM(TRAILING ')' FROM TRIM(LEADING '(' FROM @var1))
cursor.execute(query)
connection.commit()

1 个答案:

答案 0 :(得分:0)

此答案假定您使用的是MySQLdb模块,如果使用其他驱动程序,则答案可能会有所不同。

要添加值,我们要使用参数化查询,如下所示:

var  = "apple"
path = "C:\\apple.txt"
query = "LOAD DATA INFILE %s INTO TABLE jeremy_table_test FIELDS TERMINATED BY ',' LINES TERMINATED BY '\r\n' IGNORE 1 LINES (%s, @var1, person) SET vsdt = TRIM(TRAILING ')' FROM TRIM(LEADING '(' FROM @var1))"
cursor.execute(query, (path, var))
connection.commit()

存储在元组中的参数作为cursor.execute()的第二个参数,将替换查询字符串中出现的%s的值。

不幸的是,由于path不会被用作列值,并且根据MySQLdb user's guide

  

参数占位符只能用于插入列值。他们   不能用于SQL的其他部分,例如表名,   陈述等。

因此,我们需要做一个可怕的事情,并使用文件名手工编写查询字符串。 这是不安全的,如果您允许将用户输入传递给path之类的变量。

我们仍然可以像以前一样使用参数作为var的值。

var  = "apple"
path = "C:\\apple.txt"
query = "LOAD DATA INFILE '" + path + "' "
query += "INTO TABLE jeremy_table_test FIELDS TERMINATED BY ',' LINES TERMINATED BY '\r\n' IGNORE 1 LINES (%s, @var1, person) SET vsdt = TRIM(TRAILING ')' FROM TRIM(LEADING '(' FROM @var1))"
cursor.execute(query, (var,))
connection.commit()
相关问题
最新问题