我正在为SQL插入查询使用准备好的语句,并且收到消息语法错误。
我尝试使用PHPMyAdmin并在其中使用相同的查询,并用占位符代替了实际值,并且该查询工作正常,因此,我认为这与我使用预处理语句有关。
def create_user(f_name, s_name, email, sex, dob, mobile=None):
try:
conn = mysql.connector.connect(host=host, user=user, passwd=password) # create a connection to the database
cursor = conn.cursor(prepared=True) # Creates a cursor that is expecting prepared
if mobile is not None: # if the mobile number is specified
sql_parameterized_query = ("""BEGIN;
INSERT INTO users (FirstName, Surname, Email, Dob, Gender, Mobile)
VALUES (%s, %s, %s, %s, %s, %s);
INSERT INTO passwords (UserID, hashedPass)
VALUES (LAST_INSERT_ID(),%s);
COMMIT;""")
query_array = (f_name, s_name, email, date_sql_format(dob), sex, mobile, hash_user_password)
else: # if the mobile number is not specified
sql_parameterized_query = ("""BEGIN;
INSERT INTO users (FirstName, Surname, Email, Dob, Gender)
VALUES(%s, %s, %s, %s, %s);
INSERT INTO passwords (UserID, hashedPass)
VALUES(LAST_INSERT_ID(),%s);
COMMIT;""")
query_array = (f_name, s_name, email, date_sql_format(dob), sex, hash_user_password) # Init array of values
cursor.execute(sql_parameterized_query, query_array) # Execute query
conn.commit()
我希望将新用户的详细信息插入数据库中,所有必填字段都是必填项,不包括手机号码,这就是为什么我使用if语句将其分开,如果这是不好的做法,请指导我也朝着正确的方向发展,因为无论如何,在调用create_user("Ollie", "Pugh", "oliver.pugh@icloud.com", "M", "22-04-2001")
变量query_array的值为('Ollie', 'Pugh', 'oliver.pugh@icloud.com', '2001-04-22', 'M', '$2b$12$RU9FRcNjgHlC78kjZA5OIeqT1s1K2LHndC2iDK8mcqkadGc8d9XO2')
我收到的消息是:SQL语法有错误;检查与您的MariaDB服务器版本相对应的手册,以找到在第2行“ INSERT INTO用户(名字,姓氏,电子邮件,Dob,性别)附近”使用的正确语法
用户表的结构为:
CREATE TABLE `users` (
`UserID` int(11) NOT NULL AUTO_INCREMENT,
`FirstName` varchar(255) NOT NULL,
`Surname` varchar(255) NOT NULL,
`Email` varchar(255) NOT NULL,
`Dob` date NOT NULL,
`Gender` char(1) NOT NULL,
`Mobile` varchar(11) DEFAULT NULL,
`timeOfCreation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`Authority` varchar(255) NOT NULL DEFAULT 'User',
PRIMARY KEY (`UserID`)
) ENGINE=InnoDB AUTO_INCREMENT=23 DEFAULT CHARSET=latin1
答案 0 :(得分:1)
解决我的问题的方法是创建一个过程,我将其命名为CreateUser
,并包括:
BEGIN
START TRANSACTION;
IF mobile = "NULL" THEN
SET mobile = null;
END IF;
INSERT INTO `cl43-flexfit`.users (FirstName, Surname, Email, Dob, Gender,Mobile)
VALUES (f_name, s_name, email, dob, gender, mobile);
INSERT INTO `cl43-flexfit`.passwords (UserID, hashedPass)
VALUES (LAST_INSERT_ID(), passhash);
COMMIT;
END
我已经修改了python脚本,使其具有两个游标,因为我无法在过程中使用USE语句,也不能将其与为准备好的语句配置的游标一起使用。
try:
conn = mysql.connector.connect(host=host, user=user, passwd=password) # create a connection to the database
cursor = conn.cursor() # Have to have two as you can not select database with a prepared cursor
prep_cursor = conn.cursor(prepared=True) # Creates a cursor that is expecting prepared
if mobile is None: # if the mobile number is not specified
mobile = "NULL" # This is recognised as null in the procedure
sql_parameterized_query = "CALL CreateUser(%s, %s, %s, %s, %s, %s, %s)" # Calls the create user procedure
query_array = (f_name, s_name, email, date_sql_format(dob), sex, mobile, hash_user_password)
cursor.execute("USE `cl43-flexfit`;")
prep_cursor.execute(sql_parameterized_query, query_array) # Execute query
conn.commit()
我敢肯定还有更好的方法可以做到这一点,但是现在就可以了。