sqlite3.error:靠近“s”:语法错误

2024-04-20 00:11:37 发布

您现在位置:Python中文网/ 问答频道 /正文
7147 3

我在制造一个不和机器人。我尝试使用SQLite3数据库为我的机器人增加经济性。但是当我创建一个列时,我得到了一个错误:

cursor.execute(f"INSERT INTO users VALUES ('{member}', {member.id}, 30, 0, 0, 1, {guild.id})")
sqlite3.OperationalError: near "s": syntax error

此外,以下是代码:

@client.event
async def on_ready():
    cursor.execute("""CREATE TABLE IF NOT EXISTS users (
        name TEXT,
        id INT,
        cash BIGINT,
        rep INT,
        xp INT,
        lvl INT,
        server_id INT
    )""")

    for guild in client.guilds:
            for member in guild.members:
                if cursor.execute(f"SELECT id FROM users WHERE id = {member.id}").fetchone() is None:
                    cursor.execute(f"INSERT INTO users VALUES ('{member}', {member.id}, 30, 0, 0, 1, {guild.id})")
                else:
                    pass

        connection.commit()

Tags: inclientidforexecute机器人userssqlite3
1条回答
网友
1楼 · 发布于 2024-04-20 00:11:37

Code injection bug!考虑如果{{CD1>}的严格化是^ {< CD2>}会发生什么。你最终会被处决

INSERT INTO users VALUES ('Foo's Bar...
                              ^ Syntax error

我相信

cursor.execute(f"SELECT id FROM users WHERE id = {member.id}")
cursor.execute(f"INSERT INTO users VALUES ('{member}', {member.id}, 30, 0, 0, 1, {guild.id})")

应该是

cursor.execute("SELECT id FROM users WHERE id = ?", ( member.id, ))
cursor.execute("INSERT INTO users VALUES (?, ?, 30, 0, 0, 1, ?)",
   ( str(member), member.id, guild.id ) )

相关问题 更多 >

    编程相关推荐