Python MySQL Where
- Dahin Prev MySQL Select
- Dahin Next MySQL Order By
Amfani da ɗaukar hanyar domin ɗaukar hanyar:
Zaɗi amfani da ɗaukar hanyar "WHERE" domin ɗaukar hanyar ɗaukar hanyar:
实例
Zaɗi ɗaukar hanyar "Park Lane 38" kuma zaɗin ɗaukar hanyar, wuri:
import mysql.connector mydb = mysql.connector.connect( host="localhost", user="yourusername", passwd="yourpassword", database="mydatabase" ) mycursor = mydb.cursor() sql = "SELECT * FROM customers WHERE address ='Park Lane 38'" mycursor.execute(sql) myresult = mycursor.fetchall() for x in myresult: print(x)
Takamaimanin:
Zaɗi kuma zaɗin ɗaukar hanyar da baya, kuma ɗaukar hanyar da kuma yana kwanan shi, kuma ɗaukar hanyar da kuma yana kwanan shi.
Kosai amfani da: % Wannan shi ne takamaimanin:
实例
Zaɗi hanyar ɗaya ce zaɗin ɗaukar hanyar "way"
import mysql.connector mydb = mysql.connector.connect( host="localhost", user="yourusername", passwd="yourpassword", database="mydatabase" ) mycursor = mydb.cursor() sql = "SELECT * FROM customers WHERE address LIKE '%way%'" mycursor.execute(sql) myresult = mycursor.fetchall() for x in myresult: print(x)
防止 SQL 注入
当用户提供查询值时,您应该转义这些值。
此举是为了防止 SQL 注入,这是一种常见的网络黑客技术,可以破坏或滥用您的数据库。
mysql.connector 模块拥有转义查询值的方法:
实例
使用占位符 %s 方法来转义查询值:
import mysql.connector
mydb = mysql.connector.connect(
host="localhost",
user="yourusername",
passwd="yourpassword",
database="mydatabase"
)
mycursor = mydb.cursor()
sql = "SELECT * FROM customers WHERE address =" %s"
adr = ("Yellow Garden 2", )
mycursor.execute(sql, adr)
myresult = mycursor.fetchall()
for x in myresult:
print(x)
- Dahin Prev MySQL Select
- Dahin Next MySQL Order By
