兄弟们， pymsql 的查询里，占位符需不需要根据查询字段的类型去更换

sp.execute_cmd('select * from table where uid = %s', 12)
sp.execute_cmd('select * from table where uid = %s', '12')
sp.execute_cmd('select * from table where uid = %d', 12)

测试了一下都能查询到，问题有如下：

第一二种这种查询是不是就会触发数据库的类型隐式转换
想了解一下占位符需不需要根据查询字段的类型去更换呢

uid

查询

占位

select

5 条回复 • 2023-01-31 17:50:13 +08:00

maocat

2023-01-31 00:23:07 +08:00

三条语句实际上都是 uid = 12

golang 里有 %#v 可以额外输出类型名，python 里就不知道了

centralpark

2023-01-31 00:37:50 +08:00

建议直接上 sqlalchemy ，而且用原生 sql 也不应该自己做字符串拼接，应该用？来做占位符。

Gakho

2023-01-31 08:38:54 +08:00

你可能需要了解一下 PEP249 的 paramstyle

lookStupiToForce

2023-01-31 11:03:10 +08:00

你如果不做类型检查和文本检查，就要小心注入攻击

duckyrain

2023-01-31 17:50:13 +08:00

def execute(self, query, args=None):
"""Execute a query

:param str query: Query to execute.

:param args: parameters used with query. (optional)
:type args: tuple, list or dict

:return: Number of affected rows
:rtype: int

If args is a list or tuple, %s can be used as a placeholder in the query.
If args is a dict, %(name)s can be used as a placeholder in the query.
"""