热门标签
热门文章
- 1RabbitMQ知识点整理_rabbitmq知识点总结
- 2Python 植物大战僵尸
- 3在Echarts区域的任何位置精准触发事件_echarts getzr
- 4使用PyCharm创造现代艺术(一)_pycharm画散点图
- 5前端利器,6 款开源 Web 性能优化辅助工具推荐_前端优化加载速率软件有哪些
- 6python多进程之间共享内存_python 共享内存
- 7Android审计平台,Android系统安全审计方法研究
- 8RabbitMQ 简单测试_com.rabbitmq.client.possibleauthenticationfailuree
- 9git强制推送分支到远程
- 10三人表决器_数电小实验之三人表决器
当前位置: article > 正文
[288]关于MySQL的1064错误_mysql 1064
作者:AllinToyou | 2024-04-29 17:33:00
赞
踩
mysql 1064
MySQL的1064错误是SQL语句写的有问题时出现的,即SQL的语法错误。笔者常常使用MySQL-python这个库来对MySQL进行操作,代码中报这个错误的一般是cursor.execute(sql, param)这一行。
这种参数式执行SQL语句的用法可以有效防止SQL注入的安全问题,但是为什么MySQL会报错呢?如果你确认SQL写的没问题,检查一下SQL语句中是否使用了引号。
在使用cursor.execute(sql, param)时,MySQL-python库会自动转义含有%s的字符串,所以不要画蛇添足在SQL语句中给%s加引号了,会报1064的错误滴!
另外也有许多人使用有SQL注入隐患的cursor.execute(sql % param)这种用法,这样是可以给%s加引号的。
但是安全问题孰重孰轻,相信各位自有判断。
在使用pymysql对mysql进行操作时,使用%s给excute传入参数时出错,错误代码如下:
table="huxing_table"
key="house_structure_page_url"
value="test"
cursor=db.cursor()
cursor.execute("INSERT INTO %s (%s) VALUES(%s)",(table,key,value))
db.commit()
cursor.close()
- 1
- 2
- 3
- 4
- 5
- 6
- 7
错误提示为:
Traceback (most recent call last):
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 112, in execute
result = self._query(query)
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 230, in _query
conn.query(q)
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 607, in query
self._affected_rows = self._read_query_result()
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 691, in _read_query_result
result.read()
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 869, in read
self.first_packet = self.connection.read_packet()
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 686, in read_packet
packet.check_error()
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 328, in check_error
raise_mysql_exception(self.__data)
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/err.py", line 142, in raise_mysql_exception
_check_mysql_exception(errinfo)
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/err.py", line 135, in _check_mysql_exception
raise errorclass(errno,errorvalue)
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''huxing_table' ('house_structure_page_url') VALUES('test')' at line 1")
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/huangjing/downHouseInfo/MainF.py", line 238, in <module>
cursor.execute("INSERT INTO %s (%s) VALUES(%s)",(table,key,value))
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 117, in execute
self.errorhandler(self, exc, value)
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 189, in defaulterrorhandler
raise errorclass(errorvalue)
pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''huxing_table' ('house_structure_page_url') VALUES('test')' at line 1")
Exception ignored in: <bound method Cursor.__del__ of <pymysql.cursors.Cursor object at 0x10585ebe0>>
Traceback (most recent call last):
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 41, in __del__
File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 47, in close
ReferenceError: weakly-referenced object no longer exists
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
但是,尝试执行
cursor.execute("INSERT INTO huxing_table (house_structure_page_url) VALUES(%s)",(value))
- 1
时,没有错误提示。
在错误提示第31行发现,执行的mysql语句中用%s替换的参数外加上了单引号。
''huxing_table' ('house_structure_page_url') VALUES('test')'
- 1
在mysql命令行终端进行测试,执行语句
mysql> insert into huxing_table (`house_structure_page_url`) values("test");
Query OK, 1 row affected (0.00 sec)
- 1
- 2
没有错误提示。而执行
mysql> insert into huxing_table ('house_structure_page_url') values("test");
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''house_structure_page_url') values("test")' at line 1
- 1
- 2
则有错误提示。再进行验证
mysql> insert into huxing_table (house_structure_page_url) values('test');
Query OK, 1 row affected (0.00 sec)
- 1
- 2
不出错。
mysql> insert into 'huxing_table' (house_structure_page_url) values("test");
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''huxing_table' (house_structure_page_url) values("test")' at line 1
- 1
- 2
出错,说明在mysql的insert语句中表名和列名外都不能加单引号,而值则可以加单引号。
就直接写语句好了。
最后的解决办法是插入一条数据写一条sql语句。
参考:https://www.jianshu.com/p/92026862a0e5
https://www.jianshu.com/p/855fdb50c26c
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/AllinToyou/article/detail/508896
推荐阅读
相关标签
