MySQL准备的语句导致SQL语法错误

时间:2019-06-22 09:32:20

标签: python mysql

我正在为SQL插入查询使用准备好的语句,并且收到消息语法错误。

我尝试使用PHPMyAdmin并在其中使用相同的查询,并用占位符代替了实际值,并且该查询工作正常,因此,我认为这与我使用预处理语句有关。

def create_user(f_name, s_name, email, sex, dob, mobile=None):
    try:
        conn = mysql.connector.connect(host=host, user=user, passwd=password)  # create a connection to the database
        cursor = conn.cursor(prepared=True)  # Creates a cursor that is expecting prepared

        if mobile is not None:  # if the mobile number is specified
            sql_parameterized_query = ("""BEGIN;
                                          INSERT INTO users (FirstName, Surname, Email, Dob, Gender, Mobile)
                                          VALUES (%s, %s, %s, %s, %s, %s);
                                          INSERT INTO passwords (UserID, hashedPass)
                                          VALUES (LAST_INSERT_ID(),%s);
                                          COMMIT;""")
            query_array = (f_name, s_name, email, date_sql_format(dob), sex, mobile, hash_user_password)

        else:  # if the mobile number is not specified
            sql_parameterized_query = ("""BEGIN;
                                         INSERT INTO users (FirstName, Surname, Email, Dob, Gender)
                                         VALUES(%s, %s, %s, %s, %s);
                                         INSERT INTO passwords (UserID, hashedPass)
                                         VALUES(LAST_INSERT_ID(),%s);
                                         COMMIT;""")
            query_array = (f_name, s_name, email, date_sql_format(dob), sex, hash_user_password)  # Init array of values

        cursor.execute(sql_parameterized_query, query_array)  # Execute query
        conn.commit()

我希望将新用户的详细信息插入数据库中,所有必填字段都是必填项,不包括手机号码,这就是为什么我使用if语句将其分开,如果这是不好的做法,请指导我也朝着正确的方向发展,因为无论如何,在调用create_user("Ollie", "Pugh", "oliver.pugh@icloud.com", "M", "22-04-2001")

这样的函数时,我找不到解决该问题的更优雅的方法

变量query_array的值为('Ollie', 'Pugh', 'oliver.pugh@icloud.com', '2001-04-22', 'M', '$2b$12$RU9FRcNjgHlC78kjZA5OIeqT1s1K2LHndC2iDK8mcqkadGc8d9XO2')

我收到的消息是:SQL语法有错误;检查与您的MariaDB服务器版本相对应的手册,以找到在第2行“ INSERT INTO用户(名字,姓氏,电子邮件,Dob,性别)附近”使用的正确语法

用户表的结构为:

CREATE TABLE `users` (
 `UserID` int(11) NOT NULL AUTO_INCREMENT,
 `FirstName` varchar(255) NOT NULL,
 `Surname` varchar(255) NOT NULL,
 `Email` varchar(255) NOT NULL,
 `Dob` date NOT NULL,
 `Gender` char(1) NOT NULL,
 `Mobile` varchar(11) DEFAULT NULL,
 `timeOfCreation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
 `Authority` varchar(255) NOT NULL DEFAULT 'User',
 PRIMARY KEY (`UserID`)
) ENGINE=InnoDB AUTO_INCREMENT=23 DEFAULT CHARSET=latin1

1 个答案:

答案 0 :(得分:1)

解决我的问题的方法是创建一个过程,我将其命名为CreateUser,并包括:

BEGIN

START TRANSACTION;
    IF mobile = "NULL" THEN 
        SET mobile = null;
    END IF;

    INSERT INTO `cl43-flexfit`.users (FirstName, Surname, Email, Dob, Gender,Mobile)
    VALUES (f_name, s_name, email, dob, gender, mobile);

    INSERT INTO `cl43-flexfit`.passwords (UserID, hashedPass)
    VALUES (LAST_INSERT_ID(), passhash);
COMMIT;
END

我已经修改了python脚本,使其具有两个游标,因为我无法在过程中使用USE语句,也不能将其与为准备好的语句配置的游标一起使用。

    try:
        conn = mysql.connector.connect(host=host, user=user, passwd=password)  # create a connection to the database
        cursor = conn.cursor()  # Have to have two as you can not select database with a prepared cursor
        prep_cursor = conn.cursor(prepared=True)  # Creates a cursor that is expecting prepared

        if mobile is None:  # if the mobile number is not specified
            mobile = "NULL"  # This is recognised as null in the procedure

        sql_parameterized_query = "CALL CreateUser(%s, %s, %s, %s, %s, %s, %s)"  # Calls the create user procedure

        query_array = (f_name, s_name, email, date_sql_format(dob), sex, mobile, hash_user_password)

        cursor.execute("USE `cl43-flexfit`;")
        prep_cursor.execute(sql_parameterized_query, query_array)  # Execute query
        conn.commit()

我敢肯定还有更好的方法可以做到这一点,但是现在就可以了。