Using variables in triple quotes (Python)
I am trying to pass two variables into a SQL query, like this:
query = """
Select Distinct
sp.NAME,
sp.STUDY,
sp.DISEASE_ONTOLOGY_TERM,
sv.GENE,
sv.CDS_EFFECT,
sv.PROTEIN_EFFECT,
rep.STATUS,
sv.FRACTION_READS,
sv.DEPTH,
cvmship.REMOVED
From
SPECIMEN sp
inner join CURATION_MANAGER cm on (cm.SPECIMEN_ID = sp.SPECIMEN_ID)
inner join CURATION_VERSION cv on (cv.CURATION_VERSION_ID = cm.LATEST_VERSION_ID)
inner join CURATION_VERSION_MEMBERSHIP cvmship on (cvmship.VERSION_ID = cv.CURATION_VERSION_ID)
inner join CURATION_VERSION_MEMBER cvmer on (cvmer.CURATION_VERSION_MEMBER_ID = cvmship.MEMBER_ID)
inner join REPORTABLE rep on (rep.CURATION_VERSION_MEMBER_ID = cvmer.CURATION_VERSION_MEMBER_ID)
inner join SHORT_VARIANT sv on (sv.REPORTABLE_ID = rep.CURATION_VERSION_MEMBER_ID)
inner join (
Select
sp.SPECIMEN_ID,
cqr.STATUS
From
SPECIMEN sp
inner join CURATION_MANAGER cm on (cm.SPECIMEN_ID = sp.SPECIMEN_ID)
inner join CURATION_VERSION cv on (cv.CURATION_VERSION_ID = cm.LATEST_VERSION_ID)
inner join CURATION_VERSION_MEMBERSHIP cvmship on (cvmship.VERSION_ID = cv.CURATION_VERSION_ID)
inner join CURATION_VERSION_MEMBER cvmer on (cvmer.CURATION_VERSION_MEMBER_ID = cvmship.MEMBER_ID)
inner join CURATION_QC_RESULT cqr on (cqr.CURATION_VERSION_MEMBER_ID = cvmer.CURATION_VERSION_MEMBER_ID)
) cqr on (cqr.SPECIMEN_ID = sp.SPECIMEN_ID)
Where sp.ASSIGNED_INDEX is not null
AND sp.NAME like 'TRF%'
AND LENGTH(sp.NAME) = 12
AND cv.STATUS = 'final'
AND (cqr.STATUS = 'Pass' or cqr.STATUS = 'Qualified')
AND sp.STUDY like '%CLINICAL%'
AND sv.GENE = '%s'
AND sv.PROTEIN_EFFECT = '%s'
order by sp.name desc
""" % (gene, proEff)
When I run the script, I get:
File "fetchDEVDB.py", line 57, in <module>
""" % (gene, proEff)
ValueError: unsupported format character ''' (0x27) at index 1481
I thought maybe it was trying to interpret the % as a format character, but I tried using %% around the %s and got the same error. Any ideas?
Thanks
You should use bound parameters instead of string formatting for SQL queries. That fixes your immediate problem and also protects against injection attacks.
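As an added example (not the asker's or the commenter's code), the same failure reproduced against an in-memory SQLite table with constructed rows standing in for the SPECIMEN/SHORT_VARIANT join: `format_unsafe` shows that the stray `%` Python trips over is the one in `like 'TRF%'`, not the `%s` placeholders, and `fetch_names` passes gene and protein effect as bound parameters as the comment recommends.

```python
import sqlite3

# Constructed stand-in for the asker's schema: one flattened table is enough
# to show the formatting error and the parameterised fix.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE specimen (name TEXT, gene TEXT, protein_effect TEXT);
        INSERT INTO specimen VALUES ('TRF000000001', 'BRAF', 'V600E');
        INSERT INTO specimen VALUES ('TRF000000002', 'BRAF', 'V600K');
        INSERT INTO specimen VALUES ('XYZ000000003', 'BRAF', 'V600E');
    """)
    return conn

# Same shape as the asker's query: a LIKE pattern containing a literal %
# plus two %s placeholders filled with the % operator.
UNSAFE_QUERY = """
Select name From specimen
Where name like 'TRF%'
AND gene = '%s'
AND protein_effect = '%s'
"""

def format_unsafe(gene, pro_eff):
    """Reproduce the asker's error.

    Python's % operator scans the whole string; the sequence %' inside
    'TRF%' is read as a format spec and raises before %s is ever reached.
    """
    try:
        return UNSAFE_QUERY % (gene, pro_eff)
    except ValueError as exc:
        return f"ValueError: {exc}"

# Bound parameters: sqlite3 uses ? as the DB-API placeholder. The % in the
# LIKE pattern is plain SQL text and is never seen by Python's formatter.
SAFE_QUERY = """
Select name From specimen
Where name like 'TRF%'
AND gene = ?
AND protein_effect = ?
order by name desc
"""

def fetch_names(conn, gene, pro_eff):
    """Run the query with gene and pro_eff bound by the driver, never spliced in."""
    return [row[0] for row in conn.execute(SAFE_QUERY, (gene, pro_eff))]
```

With binding, a value such as `V600E' OR '1'='1` is compared as an ordinary string and matches nothing, which is the injection protection the comment refers to.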