擅长:python、mysql、java
<p>正如钟表观察家所说,你给<code>cursor.fetchall()</code>打了两次电话,他的解决方案可以解决问题。</p>
<p>SQL查询本身的编写方式使代码面临严重的安全漏洞,因为查询无法正确转义输入参数。与clockwatcher的响应类似,正确的SQL查询可以是:</p>
<pre><code>query = ("SELECT * FROM sessionkeys WHERE clientName='%s'", (value1,))
</code></pre>
<p>另外,由于您没有修改任何数据<a href="https://dev.mysql.com/doc/connector-python/en/connector-python-api-mysqlconnection-commit.html" rel="nofollow noreferrer">according to the mySQL connector documentation</a>,因此不需要调用<code>commit()</code>方法。</p>
<p>因此,合并这三个更改后,您的代码将类似于:</p>
<pre><code>def session_fetch(value1):
cnx = mysql.connector.connect(user='xxx', password='xxx',
host='127.0.0.1', database='xxx')
cursor = cnx.cursor()
query = ("SELECT * FROM `sessionkeys` WHERE `clientName`='%s'", (value1,))
cursor.execute(query)
rows = cursor.fetchall()
results = len(rows)
if results > 0:
row = rows[0]
clientName, clientAddr, unLocker = row[1], row[2], row[3]
cursor.close()
cnx.close()
</code></pre>