php - 从 PHP 的 mysql_query 转换成 Python？

Question

是否可以将此行从 PHP 转换为 python，如果可以，请解释每件事的含义及其工作原理。

mysql_query( "INSERT INTO chatitems VALUES ( null, null, '".
    mysql_real_escape_string( $_REQUEST['user'] ).
    "', '".
    mysql_real_escape_string( $_REQUEST['message'] ).
    "')" );

我遇到了很多麻烦并尝试这样做

import MySQLdb

conn = MySQLdb.connect(host='24.44.205.122', user='root', password='1234',
                          database='chat')
x = conn.cursor()

try:
    x.execute("INSERT INTO chatitems VALUES (%s, %s)""", (null, null), conn.escape_string(self.request.get("user")). "', '". conn.escape_string(self.request.get("message")). "')" );
except:
    conn.rollback()

conn.close()

如果有人能解释如何做到这一点，那将是一个很大的帮助

Answer 1

如果您使用 parameter passing style , DB API 将负责转义。您不需要逃避自己并构造 sql:

x.execute("INSERT INTO chatitems VALUES (null, null,  %s, %s)", [
    self.request.get("user"),
    self.request.get("message")
])

The term bound refers to the process of binding an input value to a database execution buffer. In practical terms, this means that the input value is directly used as a value in the operation. The client should not be required to "escape" the value so that it can be used — the value should be equal to the actual database value.