是否可以将此行从 PHP 转换为 python,如果可以,请解释每件事的含义及其工作原理。
mysql_query( "INSERT INTO chatitems VALUES ( null, null, '".
mysql_real_escape_string( $_REQUEST['user'] ).
"', '".
mysql_real_escape_string( $_REQUEST['message'] ).
"')" );
我遇到了很多麻烦并尝试这样做
import MySQLdb
conn = MySQLdb.connect(host='24.44.205.122', user='root', password='1234',
database='chat')
x = conn.cursor()
try:
x.execute("INSERT INTO chatitems VALUES (%s, %s)""", (null, null), conn.escape_string(self.request.get("user")). "', '". conn.escape_string(self.request.get("message")). "')" );
except:
conn.rollback()
conn.close()
如果有人能解释如何做到这一点,那将是一个很大的帮助
最佳答案
如果您使用 parameter passing style , DB API 将负责转义。您不需要逃避自己并构造 sql:
x.execute("INSERT INTO chatitems VALUES (null, null, %s, %s)", [
self.request.get("user"),
self.request.get("message")
])
The term bound refers to the process of binding an input value to a database execution buffer. In practical terms, this means that the input value is directly used as a value in the operation. The client should not be required to "escape" the value so that it can be used — the value should be equal to the actual database value.
关于php - 从 PHP 的 mysql_query 转换成 Python?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36381478/