On Sunday, 26 March 2017 at 11:59:21 PM UTC+3, Larry Hudson wrote:
> On 03/26/2017 01:21 AM, Νίκος Βέργος wrote:
> > print('''UPDATE visitors SET (pagesID, host, ref, location, useros, 
> > browser, visits) VALUES (%s, %s, %s, %s, %s, %s, %s) WHERE host LIKE 
> > "%s"''', (pID, domain, ref, location, useros, browser, lastvisit, domain) )
> >
> > prints out:
> >
> > UPDATE visitors SET (pagesID, host, ref, location, useros, browser, visits) 
> > VALUES (%s, %s, %s, %s, %s, %s, %s) WHERE host LIKE "%s" (1, 'cyta.gr', 
> > 'Άμεση Πρόσβαση', 'Greece', 'Windows', 'Chrome', '17-03-24 22:04:24', 
> > 'cyta.gr')
> >
> > How should I write the cursor.execute in order to be parsed properly?
> > As I have it now %s does not get substituted.
> 
> You don't get the substitution because you're missing a %.
> 
> Change:
>      ... LIKE "%s"''', (pID, ...
> To:
>      ... LIKE "%s"''' % (pID, ...
> 
> -- 
>       -=- Larry -=-

No, I have tried it many times.
It fails and is prone to SQL injection within a cursor execute.

As I understood, I can have UPDATE syntax be as similar to INSERT like

(pagesID, host, ref, location, useros, browser, visits) VALUES (%s, %s, %s, %s, 
%s, %s, %s)

each column needs to be set respectively as column1 = value1, column2 = value2
and so on.
-- 
https://mail.python.org/mailman/listinfo/python-list
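
The column = value form of the UPDATE from this thread, with the values bound by the driver rather than interpolated with `%`, as an added example that is not part of the original messages. It assumes the `visitors` columns shown in the post and uses the standard-library `sqlite3` module so it runs offline (its placeholder is `?` where the poster's MySQL driver uses `%s`); `escape_like`, `make_db` and `visits` are hypothetical helpers, the sample rows are constructed, and the LIKE wildcard escaping goes one step beyond what the thread discusses.

```python
import sqlite3

# Fixed column names from the thread; only the values are bound at execute time.
# sqlite3 uses "?" placeholders; the thread's MySQL driver would use "%s" here.
UPDATE_SQL = """
    UPDATE visitors
       SET pagesID = ?, host = ?, ref = ?, location = ?,
           useros = ?, browser = ?, visits = ?
     WHERE host LIKE ? ESCAPE '\\'
"""

def escape_like(value):
    """Make the LIKE wildcards % and _ (and the escape char) match literally."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def update_visitor(conn, pID, domain, ref, location, useros, browser, lastvisit):
    """Run the UPDATE with bound parameters and return the affected row count."""
    params = (pID, domain, ref, location, useros, browser, lastvisit,
              escape_like(domain))
    cur = conn.execute(UPDATE_SQL, params)  # values passed separately, no "%"
    conn.commit()
    return cur.rowcount

def make_db():
    """Constructed sample table with two visitor rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visitors (pagesID INTEGER, host TEXT, ref TEXT,"
                 " location TEXT, useros TEXT, browser TEXT, visits TEXT)")
    conn.executemany("INSERT INTO visitors (host, visits) VALUES (?, ?)",
                     [("cyta.gr", "old"), ("example.org", "old")])
    return conn

def visits(conn):
    """Return {host: visits} so a caller can see which rows changed."""
    return dict(conn.execute("SELECT host, visits FROM visitors"))

if __name__ == "__main__":
    conn = make_db()
    rest = ("Άμεση Πρόσβαση", "Greece", "Windows", "Chrome", "17-03-24 22:04:24")
    # Constructed hostile and wildcard inputs are compared as plain data.
    print(update_visitor(conn, 1, 'x" OR "1"="1', *rest))
    print(update_visitor(conn, 1, "%", *rest))
    print(update_visitor(conn, 1, "cyta.gr", *rest))
    print(visits(conn))
```
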
