I have the following variable -
sql_query = """
select jr.jobrun_id 'Job ID',
jm.jobmst_prntname + '\\' + jm.jobmst_name 'Job Name',
cast(jr.jobrun_proddt as date) 'Production Date' from jobrun jr
inner join joboutput jo on jo.jobrun_id = jr.jobrun_id
inner join jobmst jm on jm.jobmst_id = jr.jobmst_id
where jr.jobrun_proddt BETWEEN ? and ? and jo.jobrun_output like '%not available%' and jr.jobrun_status='107'
and jr.jobrun_dirty != 'X'
order by jr.jobrun_proddt desc
"""
I am running it through the following def -
def query_db(query, args=(), one=False):
    cur = db().cursor()
    # args are bound to the ? placeholders by the driver
    cur.execute(query, args)
    # build one dict per row, keyed by column name
    r = [dict((cur.description[i][0], value)
              for i, value in enumerate(row)) for row in cur.fetchall()]
    cur.connection.close()
    return (r[0] if r else None) if one else r
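Running the following command -
my_query = query_db(sql_query, (date1, date2))
The problem is that my args are not being passed into the query. What am I doing wrong?
For the record, the two variables look like this -
date1 = '2014-12-15'
date2 = '2014-12-17'
I ran the following -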
print ("""
select jr.jobrun_id 'Job ID',
jm.jobmst_prntname + '\\' + jm.jobmst_name 'Job Name',
cast(jr.jobrun_proddt as date) 'Production Date' from jobrun jr
inner join joboutput jo on jo.jobrun_id = jr.jobrun_id
inner join jobmst jm on jm.jobmst_id = jr.jobmst_id
where cast(jr.jobrun_proddt as date) BETWEEN ? and ? and (jo.jobrun_output LIKE '%does not exist%' and jr.jobrun_status='66') or
(jo.jobrun_output LIKE '%duplicate%' and jr.jobrun_status='66') or
(jo.jobrun_output LIKE '%password missing%' and jr.jobrun_status='66')
and jr.jobrun_dirty != 'X'
order by jr.jobrun_proddt desc
""", (date1, date2))
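To confirm, it does not put the dates in place of the ?.
Edit - I know it isn't working because the results I get include dates outside the two values I specified for BETWEEN. This is what I want the query to look like -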
select jr.jobrun_id 'Job ID',
jm.jobmst_prntname + '\\' + jm.jobmst_name 'Job Name',
cast(jr.jobrun_proddt as date) 'Production Date' from jobrun jr
inner join joboutput jo on jo.jobrun_id = jr.jobrun_id
inner join jobmst jm on jm.jobmst_id = jr.jobmst_id
where cast(jr.jobrun_proddt as date) BETWEEN '2014-12-15' and '2014-12-17' and (jo.jobrun_output LIKE '%does not exist%' and jr.jobrun_status='66') or
(jo.jobrun_output LIKE '%duplicate%' and jr.jobrun_status='66') or
(jo.jobrun_output LIKE '%password missing%' and jr.jobrun_status='66')
and jr.jobrun_dirty != 'X'
order by jr.jobrun_proddt desc
Answer 0: (score: 1)
Try
print ("""
select jr.jobrun_id 'Job ID',
jm.jobmst_prntname + '\\' + jm.jobmst_name 'Job Name',
cast(jr.jobrun_proddt as date) 'Production Date' from jobrun jr
inner join joboutput jo on jo.jobrun_id = jr.jobrun_id
inner join jobmst jm on jm.jobmst_id = jr.jobmst_id
where cast(jr.jobrun_proddt as date) BETWEEN '%s' and '%s' and (jo.jobrun_output LIKE '%%does not exist%%' and jr.jobrun_status='66') or
(jo.jobrun_output LIKE '%%duplicate%%' and jr.jobrun_status='66') or
(jo.jobrun_output LIKE '%%password missing%%' and jr.jobrun_status='66')
and jr.jobrun_dirty != 'X'
order by jr.jobrun_proddt desc
""" % (date1, date2))
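I replaced the variables to be filled in with %s, and escaped the % you were using so that it becomes %%.
Also, this kind of code makes your application vulnerable to SQL injection attacks. You should consider using a library such as SQLAlchemy.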
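Added example, not code from the question or the answer: it runs the page's WHERE clause with bound `?` parameters to show that AND binds tighter than OR (so the date range only constrains the first LIKE branch), and compares a bound value with one pasted into the SQL text. Assumptions: Python's sqlite3 stands in for the page's database, the three tables are reduced to one `jobrun` table, and the rows, helper names and the hostile-looking date string are constructed.

```python
import sqlite3

# Constructed sample rows standing in for the jobrun/joboutput data on this page.
ROWS = [
    (1, "2014-12-16", "66", "user does not exist"),
    (2, "2014-12-20", "66", "duplicate entry"),    # outside the date range
    (3, "2014-12-16", "66", "password missing"),
    (4, "2014-11-01", "66", "password missing"),   # outside the date range
]

def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("create table jobrun (jobrun_id integer, jobrun_proddt text, "
                "jobrun_status text, jobrun_output text)")
    con.executemany("insert into jobrun values (?, ?, ?, ?)", ROWS)
    return con

# Filter shaped as on the page: AND binds tighter than OR, so the
# BETWEEN only constrains the first LIKE branch.
UNGROUPED = """select jobrun_id from jobrun
where jobrun_proddt between ? and ?
  and (jobrun_output like '%does not exist%' and jobrun_status = '66')
   or (jobrun_output like '%duplicate%' and jobrun_status = '66')
   or (jobrun_output like '%password missing%' and jobrun_status = '66')
order by jobrun_id"""

# Same filter with the OR branches grouped, so the date range applies to all.
GROUPED = """select jobrun_id from jobrun
where jobrun_proddt between ? and ?
  and jobrun_status = '66'
  and (jobrun_output like '%does not exist%'
       or jobrun_output like '%duplicate%'
       or jobrun_output like '%password missing%')
order by jobrun_id"""

# String-formatted variant in the style of the answer: values become SQL text.
FORMATTED = ("select jobrun_id from jobrun "
             "where jobrun_proddt between '%s' and '%s' order by jobrun_id")

def ids(con, sql, args=()):
    return [r[0] for r in con.execute(sql, args).fetchall()]

def run_bound(sql, date1, date2):
    return ids(make_db(), sql, (date1, date2))

def run_formatted(date1, date2):
    return ids(make_db(), FORMATTED % (date1, date2))
```

With the dates bound as parameters, the quote characters in a value stay data, so the grouped query returns the same in-range rows whatever string is supplied.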