在字符串SQL查询中添加参数时发生SQLAlchemy错误

时间:2021-12-17 12:43:53

I'm trying to compose a string SQL query using SQLALchemy 1.1.2. I followed the explanation from the docs about using textual SQL but encountered a syntax error when I ran the following code:

我正在尝试使用SQLALchemy 1.1.2编写一个字符串SQL查询。我按照文档中的说明使用文本SQL,但是在运行以下代码时遇到了语法错误:

from sqlalchemy.sql import text

# Create a database connection called "connection"...

q = text('USE :name')
connection.execute(q, name='DATABASE_NAME')

Here's the error message:

这是错误信息:

"You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use 
near ''DATABASE_NAME'' at line 1") [SQL: u'USE %s;'] [parameters: 
(u'DATABASE_NAME',)]

Since I'm using the named colon format and passing the parameters as arguments to connection.execute I can't figure out why this problem is arising. I'm using a MySQL server, but if I read the docs correctly the text method should be DB-agnostic.

因为我使用了命名的冒号格式,并将参数作为参数传递给连接。我搞不懂为什么会出现这个问题。我使用的是MySQL服务器,但是如果我正确地阅读了文档,那么文本方法应该与db无关。

Thanks in advance for the help.

谢谢你的帮助。

1 个解决方案

#1


3  

According to the documentation you need to use the bindparams like so:

根据文件,您需要像这样使用bindparams:

q = text('USE :name')
q.bindparams(name="DATABASE_NAME")
connection.execute(q)

or like this:

或者像这样:

q = text('USE :name')
q = q.bindparams(bindparam("name", String))

connection.execute(q, {"name": "DATABASE_NAME"})

This worked for me with no issues. Edit: I was wrong, it didn't work.

这对我来说毫无问题。编辑:我错了,它不管用。

The problem is the bind params is going to auto wrap your value with a single quote. So what's happening is you get the final compiles statement (which is invalid syntax):

问题是绑定参数将自动将您的值打包为一个报价。你会得到最终的编译语句(无效语法)

use 'DATABASE_NAME'

If you were to create the query: "Select * from mytable where column_a=:name"; this will work. Because it's wrapping the value with single quotes.

如果要创建查询:“Select * from mytable where column_a=:name”;这将工作。因为它用单引号将值括起来。

I would suggest for your use statement to do:

我建议你的使用声明:

q = "USE {}".format("DATABASE_NAME") 

Or something similar.

或类似的东西。

#1


3  

According to the documentation you need to use the bindparams like so:

根据文件,您需要像这样使用bindparams:

q = text('USE :name')
q.bindparams(name="DATABASE_NAME")
connection.execute(q)

or like this:

或者像这样:

q = text('USE :name')
q = q.bindparams(bindparam("name", String))

connection.execute(q, {"name": "DATABASE_NAME"})

This worked for me with no issues. Edit: I was wrong, it didn't work.

这对我来说毫无问题。编辑:我错了,它不管用。

The problem is the bind params is going to auto wrap your value with a single quote. So what's happening is you get the final compiles statement (which is invalid syntax):

问题是绑定参数将自动将您的值打包为一个报价。你会得到最终的编译语句(无效语法)

use 'DATABASE_NAME'

If you were to create the query: "Select * from mytable where column_a=:name"; this will work. Because it's wrapping the value with single quotes.

如果要创建查询:“Select * from mytable where column_a=:name”;这将工作。因为它用单引号将值括起来。

I would suggest for your use statement to do:

我建议你的使用声明:

q = "USE {}".format("DATABASE_NAME") 

Or something similar.

或类似的东西。