我有以下代码,其中ph变量不与select查询一起插值。
我只是想访问http://localhost/testing?phone_number=1234567890它像CCD_ 2一样返回电话号码的相当特定的记录。
@app.route("/testing",methods=['GET')
def testing():
ph = request.args.get('phone_number')
cur = mysql.connection.cursor()
cur.execute('''SELECT * FROM client_base where phone_number={}'''.format(ph))
results = cur.fetchall()
return ''' {} '''.format(results)
Abetter解决方案使用如下所示的准备好的语句
@app.route("/testing",methods=['GET')
def testing():
ph = request.args.get('phone_number')
cur = mysql.connection.cursor()
cur.execute('''SELECT * FROM client_base where phone_number=%s''',(ph,))
results = cur.fetchall()
return ''' {} '''.format(results)