字符串中的sqlite3

Question

格式化的SQL查詢我一直在sqlite3的玩弄，我也得到一個sqlite3.OperationalError：近「甜」：語法錯誤此行我的代碼query_cursor.execute("INSERT INTO mcdonalds_menu VALUES(%d, %s, %f, %s, %d)" % (ids[num],names[num], price[num], descriptions[num], calories[num]))當我把在值3個獨立的查詢代碼似乎工作，但我試圖通過使用for循環讓我的代碼更幹。到目前爲止的代碼：

import sqlite3 

filename = sqlite3.connect("McDonalds_Menu.db") 
query_cursor = filename.cursor() 

def create_table(): 
    query_cursor.execute("CREATE TABLE mcdonalds_menu (id INTEGER, name VARCHAR(20), price DECIMAL(3, 2), description TEXT, calories INTEGER)") 

ids = range(1,4) 
names = ["McFlurry", "Fillet-o-Fish", "McCafe"] 
price = 1.50, 2.25, 0.99 
descriptions = ["Delicious sweet icecream", "Best fish in the sea", "Freshly brewed Colombian coffee"] 
calories = 220, 450, 75 

def data_entry(): 
    for num in xrange(3): 
     query_cursor.execute("INSERT INTO mcdonalds_menu VALUES(%d, %s, %f, %s, %d)" % (ids[num], names[num], price[num], descriptions[num], calories[num]))  
    filename.commit() 

if __name__ == "__main__": 
    create_table() 
    data_entry() 

是否有可能使用循環來格式化sql查詢？

Answer 1

需要引用SQL中需要的字符串VALUES。整數和浮點數不需要引用。

在下面的評論輸出，注意SQL VALUES包含「圓角-O-魚」和「最好的魚在海中」未加引號的字符串：

sql = "INSERT INTO mcdonalds_menu VALUES(%d, %s, %f, %s, %d)".format(ids[num], names[num], price[num], descriptions[num], calories[num]) 
# INSERT INTO mcdonalds_menu VALUES(2, Fillet-o-Fish, 2.250000, Best fish in the sea, 450) 

添加一些逃脫在你的字符串值引號生成有效的SQL：

sql = "INSERT INTO mcdonalds_menu VALUES(%d, \"%s\", %f, \"%s\", %d)" % (ids[num],names[num], price[num], descriptions[num], calories[num]) 
# INSERT INTO mcdonalds_menu VALUES(2, "Fillet-o-Fish", 2.250000, "Best fish in the sea", 450)