import sqlite3
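# Open (or create) the SQLite database file used by this script.
con = sqlite3.connect("mydbmb")

# Create the LOGIN table on first run; later runs leave an existing table alone.
# NOTE(review): PASS is a plaintext TEXT column. Prefer storing a salted
# password hash (e.g. hashlib.scrypt) and change the code that checks logins
# against this column at the same time.
con.execute('''CREATE TABLE IF NOT EXISTS LOGIN
(ID INTEGER PRIMARY KEY AUTOINCREMENT,
NAME TEXT NOT NULL,
ROLL INT NOT NULL,
photo BLOB NOT NULL,
phone INTEGER NOT NULL,
father TEXT NOT NULL,
PASS TEXT NOT NULL);''')

# Read the photo as raw bytes so it can be stored in the BLOB column.
with open("7.jpg", 'rb') as file:
    blobdata = file.read()

# Bound parameters instead of an f-string: formatting bytes into the SQL text
# inserts their repr (b'...'), whose quotes and escapes break the statement,
# and any value spliced into SQL text is an injection risk. With placeholders
# the driver passes each value separately and stores the bytes as a real BLOB.
quer = '''INSERT INTO LOGIN(NAME,ROLL,photo,phone,father,PASS) VALUES(?, ?, ?, ?, ?, ?)'''
# NOTE(review): the seeded ADMIN credential is hard-coded in source; supply it
# from outside the code (prompt, environment, provisioning step) instead.
con.execute(quer, ('ADMIN', '000', blobdata, '678642873', 'GHHGJH', 'ADMIN123'))

# The INSERT runs inside an implicit transaction; without commit() the row is
# rolled back when the connection is closed.
con.commit()
print("query executed succsessfully")

# NOTE(review): user_list is not defined in the visible part of this file;
# presumably it is defined elsewhere - confirm.
user_list()
con.close()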
答案 0 :(得分:0)
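把参数值以字面量形式直接拼进查询字符串容易出错,而且不安全(除非这些值是常量)。在这里,f-string 会把 bytes 对象格式化成 b'...' 形式的文本,其中的引号和转义字符会破坏 SQL 语句。
最好使用绑定参数,由驱动程序单独传递每个值,并把 bytes 作为 BLOB 存储: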
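# One "?" placeholder per column; the values travel separately from the SQL
# text, so quotes or binary bytes in them cannot change the statement.
quer = '''INSERT INTO LOGIN(NAME,ROLL,photo,phone,father,PASS) VALUES(?, ?, ?, ?, ?, ?)'''
# blobdata is passed as a bytes object and stored as a BLOB.
con.execute(quer, ('ADMIN', '000', blobdata, '678642873', 'GHHGJH', 'ADMIN123'))
# Persist the row: sqlite3 opens an implicit transaction for INSERT and
# discards it if the connection is closed without commit().
con.commit()
print("query executed successfully")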