Python的回溯错误 - 使用pymssql
我正在尝试用 Python 2.5.2 执行下面的代码。这个脚本可以成功连接并创建表格,但之后就出现了错误。
脚本内容
import pymssql
conn = pymssql.connect(host='10.103.8.75', user='mo', password='the_password', database='SR_WF_MODEL')
cur = conn.cursor()
cur.execute('CREATE TABLE persons(id INT, name VARCHAR(100))')
cur.executemany("INSERT INTO persons VALUES(%d, %s)", \
[ (1, 'John Doe'), (2, 'Jane Doe') ])
conn.commit()
cur.execute("SELECT * FROM persons WHERE salesrep='%s'", 'John Doe')
row = cur.fetchone()
while row:
print "ID=%d, Name=%s" % (row[0], row[1])
row = cur.fetchone()
cur.execute("SELECT * FROM persons WHERE salesrep LIKE 'J%'")
conn.close()
错误信息
Traceback (most recent call last):
File "connect_to_mssql.py", line 9, in <module>
cur.execute("SELECT * FROM persons WHERE salesrep='%s'", 'John Doe')
File "/var/lib/python-support/python2.5/pymssql.py", line 126, in execute
self.executemany(operation, (params,))
File "/var/lib/python-support/python2.5/pymssql.py", line 152, in executemany
raise DatabaseError, "internal error: %s" % self.__source.errmsg()
pymssql.DatabaseError: internal error: None
有没有什么建议?另外,如何理解这个错误的追踪信息,有人能帮我理解这个错误信息吗?我该怎么读它?是从下往上读吗?
1 个回答
1
我觉得你可能在假设普通的Python字符串插入方式,也就是:
>>> a = "we should never do '%s' when working with dbs"
>>> a % 'this'
"we should never do 'this' when working with dbs"
在执行方法中的%运算符看起来像是普通的字符串格式化运算符,但这更多的是一种方便的记忆方式;你的代码应该写成:
cur.execute("SELECT * FROM persons WHERE salesrep=%s", 'John Doe')
这里的名字要放在引号外,这样就可以处理像O'Reilly这样的名字,同时也能帮助防止SQL注入,这也是数据库适配器设计的目的。数据库适配器的作用就是把Python对象转换成SQL;它会知道如何正确地给字符串加引号,并妥善处理标点符号等。如果你这样做:
>>> THING_ONE_SHOULD_NEVER_DO = "select * from table where cond = '%s'"
>>> query = THING_ONE_SHOULD_NEVER_DO % 'john doe'
>>> query
"select * from table where cond = 'john doe'"
>>> cur.execute(query)
虽然也能工作,但这并不是一个好的做法。