首先我是一个初学者,我很感激你的帮助:)
当我插入一个字符串时,它会给我一个双引号或单引号的错误。这只发生在我调用我创建的函数insert()时。但是,当我只是把一个数字,以取代那些字符串没有引号,这是工作。
import mysql.connector
conn = mysql.connector.connect(user="root",password='password',
host='localhost',database='library',port='3306')
cur = conn.cursor()
def create_table():
cur.execute("CREATE TABLE IF NOT EXISTS store
(id INT PRIMARY KEY, item VARCHAR(25), quantity INT, price REAL);")
conn.commit()
conn.close()
def insert(id, item, quantity, price):
cur.execute("INSERT INTO store (id, quantity, price, item)
VALUES (%s, %s, %s, %s)" % (id, item, quantity, price))
conn.commit()
conn.close()
insert(50, 'test', 20, 10)
然后它给出了一个错误:
Traceback (most recent call last):
File "C:\Program Files\Python36\lib\site-
packages\mysql\connector\connection_cext.py", line 392, in cmd_query
raw_as_string=raw_as_string)
_mysql_connector.MySQLInterfaceError: Unknown column 'test' in 'field list'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\Acer\Desktop\Remastered.py", line 128, in <module>
insert(50, 'test', 20, 10)
File "C:\Users\Acer\Desktop\Remastered.py", line 109, in insert
cur.execute("INSERT INTO store (id, quantity, price, item) VALUES (%s, %s, %s, %s)" % (id, item, quantity, price))
File "C:\Program Files\Python36\lib\site-packages\mysql\connector\cursor_cext.py", line 266, in execute
raw_as_string=self._raw_as_string)
File "C:\Program Files\Python36\lib\site-packages\mysql\connector\connection_cext.py", line 395, in cmd_query
sqlstate=exc.sqlstate)
mysql.connector.errors.ProgrammingError: 1054 (42S22): Unknown column 'test' in 'field list'
[Finished in 0.8s with exit code 1]
2条答案
按热度按时间j0pj023g1#
您混淆了insert语句中列的顺序,将“insert into store(id,quantity,price,item)”更改为“insert into store(id,item,quantity,price)”,注意名为item的列的位置!导入mysql.connector
来自mysql
o4hqfura2#
您没有正确使用占位符功能。正确的行是:
注意
,
而不是%
这就产生了严重的sql注入错误。您的查询正在扩展为以下内容:
在哪里
test
part完全不被引用,并被视为可能的列名。