我不得不在python中的str((和format((之间找到更好的一个
"SELECT schools.deis_income , schools.school_name,SUM(money.coin_in_amount) AS coinamount, SUM(money.note_in_amount) AS noteamount , SUM(money.coffee_coin_in_amount) AS coffeeamount , SUM(money.coin_out_amount) AS coinoutamount, SUM(money.note_out_amount) AS noteoutamount FROM money_transactions AS money JOIN school_admin_details AS sa on sa.id = money.school_admin_id JOIN schools ON schools.id=sa.school_id WHERE sa.school_id ={school_id} AND money.transaction_time BETWEEN '{start_date}' AND '{end_date}' GROUP BY schools.id".format(school_id=school_id,start_date=start_date,end_date=end_date)
我在这里使用格式功能。 我可以使用 str(( 吗?请告诉我哪一个给我快速结果,str(( 或 format(( ???
如果你的问题是以下哪一个:
foo = "some text " + str(some_var) + " and some other text"
或者这个:
foo = "some text {} and some other text".format(var)
是"更好",普遍的共识非常明确:字符串格式更容易阅读和维护,并且是一种 pythonic 方式。
现在对于您的特定示例,答案是两者都是完全错误的 - 除非您可以向即使是最无能的脚本小子提供对数据库的完全访问权限。对于 SQL 查询,正确的解决方案是使用预准备语句,其中数据库连接器将负责正确格式化和清理值:
# assumes MySQL - for other vendors check your own
# db-api connector's doc for the correct placeholder
query = "SELECT somefield FROM mytable where somedate > %(somedate)s and something_else = %(someval)s"
cursor.execute(query, {"somedate": some_date, "someval": 42})