In Python, parameters can be passed to an SQL statement in the following ways:

```python
import pymysql

conn = pymysql.connect(host='localhost', user='your_user', password='your_password', db='your_db')
cursor = conn.cursor()

# A single value is passed directly as the second argument to execute()
sql = "SELECT * FROM your_table WHERE your_column = %s"
value = 'your_value'
cursor.execute(sql, value)
results = cursor.fetchall()

cursor.close()
conn.close()
```
2. Passing parameters as a tuple:

```python
import pymysql

conn = pymysql.connect(host='localhost', user='your_user', password='your_password', db='your_db')
cursor = conn.cursor()

# A one-element tuple needs the trailing comma
sql = "SELECT * FROM your_table WHERE your_column = %s"
values = ('your_value',)
cursor.execute(sql, values)
results = cursor.fetchall()

cursor.close()
conn.close()
```
3. Passing parameters as a dictionary:

```python
import pymysql

conn = pymysql.connect(host='localhost', user='your_user', password='your_password', db='your_db')
cursor = conn.cursor()

# Named placeholders of the form %(name)s are filled from the dictionary keys
sql = "SELECT * FROM your_table WHERE your_column = %(value1)s AND your_column2 = %(value2)s"
values = {'value1': 'your_value1', 'value2': 'your_value2'}
cursor.execute(sql, values)
results = cursor.fetchall()

cursor.close()
conn.close()
```

4. Using `%s` as the placeholder:

```python
import pymysql

conn = pymysql.connect(host='localhost', user='your_user', password='your_password', db='your_db')
cursor = conn.cursor()

# %s is left unquoted in the SQL text; the driver adds the quoting and escaping
sql = "SELECT * FROM your_table WHERE your_column = %s"
value = 'your_value'
cursor.execute(sql, value)
results = cursor.fetchall()

cursor.close()
conn.close()
```
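5. Passing an integer parameter (PyMySQL does not support `%d`; the placeholder stays `%s`):

```python
import pymysql

conn = pymysql.connect(host='localhost', user='your_user', password='your_password', db='your_db')
cursor = conn.cursor()

# PyMySQL converts every argument to an escaped SQL literal (a string) before
# substituting it into the query, so %d raises TypeError; use %s for integers.
sql = "SELECT * FROM your_table WHERE your_column = %s"
value = 123
cursor.execute(sql, value)
results = cursor.fetchall()

cursor.close()
conn.close()
```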
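6. Passing a floating-point parameter (PyMySQL does not support `%f`; the placeholder stays `%s`):

```python
import pymysql

conn = pymysql.connect(host='localhost', user='your_user', password='your_password', db='your_db')
cursor = conn.cursor()

# As with integers, the argument is converted to a string literal first,
# so %f raises TypeError; use %s for floats.
sql = "SELECT * FROM your_table WHERE your_column = %s"
value = 123.456
cursor.execute(sql, value)
results = cursor.fetchall()

cursor.close()
conn.close()
```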
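Note that parameter values must be correctly escaped to avoid potential SQL injection. With parameterized queries the driver does this when the values are passed as the second argument to `cursor.execute()`; do not format them into the SQL string yourself.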
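
An added example (not from the original page) showing why values go through the driver rather than into the SQL string, and how to handle column names, which cannot be bound. It uses the standard-library `sqlite3` module as a stand-in so it runs without a MySQL server, which means the placeholder is `?` where PyMySQL uses `%s`; the sample rows, the function names and `ALLOWED_COLUMNS` are constructed for illustration.

```python
import sqlite3

# Assumption: sqlite3 stands in for MySQL so this runs offline.
# Its placeholder is "?" where PyMySQL uses "%s". All data is constructed.
ALLOWED_COLUMNS = {"id", "your_column"}

def make_db():
    """Build an in-memory table with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE your_table (id INTEGER, your_column TEXT)")
    conn.executemany(
        "INSERT INTO your_table VALUES (?, ?)",
        [(1, "alice"), (2, "O'Brien"), (3, "bob")],
    )
    return conn

def find_formatted(conn, value):
    """Anti-pattern: the value is pasted into the SQL text itself."""
    sql = "SELECT id FROM your_table WHERE your_column = '%s'" % value
    return [row[0] for row in conn.execute(sql)]

def find_bound(conn, value):
    """Parameterized: the SQL text is constant, the value travels separately."""
    sql = "SELECT id FROM your_table WHERE your_column = ?"
    return [row[0] for row in conn.execute(sql, (value,))]

def find_by_column(conn, column, value):
    """Identifiers cannot be bound, so check them against an allowlist."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unexpected column name: %r" % column)
    sql = "SELECT id FROM your_table WHERE %s = ?" % column
    return [row[0] for row in conn.execute(sql, (value,))]

def compare(value):
    """Run both lookups for one value; report an error name if one fails."""
    conn = make_db()
    try:
        try:
            formatted = find_formatted(conn, value)
        except sqlite3.Error as exc:
            formatted = "error: %s" % type(exc).__name__
        return formatted, find_bound(conn, value)
    finally:
        conn.close()

if __name__ == "__main__":
    for sample in ("alice", "O'Brien"):
        print(sample, compare(sample))
```

The value `O'Brien` is ordinary data, yet its quote changes the structure of the formatted statement and the query fails, while the bound version returns the matching row.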
