问题我有一个简单的应用程序来查询我的一些oracle表,我希望能够获取我的文本框的值,但我一直收到这个错误,如果有任何帮助,我们将不胜感激!
测试.py
def grabEnts():
global date
connection = cx_Oracle.connect('xxxxxxxx/xxxxxxxx@x.x.x.x:xxxx/xxx')
cursor = connection.cursor()
startdate = e1.get()
enddate = e2.get()
#fs = datetime.date(startdate)
#fe = datetime.date(endate)
//this works but, I would like to use both startdate and endate
#cursor.execute("SELECT EMP_ID FROM TO_ENTRIES WHERE LEAVE_START >= '%s'" % startdate)
//Like this but I can't get it to work I keep getting this error
File "test.py", line 62, in grabEnts
cursor.execute('SELECT EMP_FIRST_NAME FROM TO_ENTRIES WHERE LEAVE_START >=%s AND LEAVE_END <=%s', startdate, enddate)
TypeError: function takes at most 2 arguments (3 given)
cursor.execute('SELECT EMP_FIRST_NAME FROM TO_ENTRIES WHERE LEAVE_START >=%s AND LEAVE_END <=%s', startdate, enddate)
for row in cursor:
outputent.writerow(row)
cursor.close()
connection.close()
为一个格式字符串提供多个值时,需要将它们括在括号中:
"My name is %s. Your name is %s." % ("Sam", "Joe")
使用字符串格式生成SQL通常是个坏主意。如果用户输入类似; DROP TABLE blah的内容,则会在代码中执行。这是SQL注入的一个典型示例。。。
为了避免这种情况,请在查询中使用参数,如下所示:
cursor.execute('SELECT EMP_FIRST_NAME FROM TO_ENTRIES WHERE LEAVE_START between :start AND :end', {'start': 1, 'end': 10})