from django.db import connection

cur=connection.cursor()
def fillDoctors(key_bodyloc,proportion):
    bodyloc_specialty_query="select distinct Speciality from body_speciality where body_location in (%s) "
    #cur.execute(bodyloc_specialty_query)
    data1=([key_bodyloc])
    #print(bodyloc_specialty_query,data)
    cur.execute(bodyloc_specialty_query,data1)
    results=cur.fetchall()
    specialities=[x[0] for x in results]
    condition=""
    for speciality in specialities:
        print(str(speciality))
        condition=condition+"'%"+speciality+"%'"+" or Speciality like "
        #print(speciality)
        #print(condition)
        specialty_doctors_query="select DoctorName,Speciality,ClinicName from Doctors where Speciality like %s limit %s"
        data2=([condition,proportion])
        print(specialty_doctors_query,data2)
        cur.execute(specialty_doctors_query,data2)
        final=cur.fetchall()
        print(final)
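The line final=cur.fetchall() returns an empty tuple on every iteration. I have verified that the table Doctors is not empty, and the code works fine when 'condition' is hard-coded. The code should print the doctor details for each speciality. Can anyone tell me why this is happening?
Incorrect output of MySQL query when passing parameters in Django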
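There is literally no difference between '%' and 'format' when it comes to safety from SQL injection: neither provides any.
OK. Edited. I think I need to do some research on this.
The line results = cur.fetchall() works fine and returns the expected results. The problem is with 'specialty_doctors_query' as far as I know, but I can't figure it out.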
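An added example, not part of the original question or its comments: it shows why binding the whole hand-built condition as a single parameter matches nothing, next to a form that uses one LIKE placeholder per speciality with the wildcards in the bound values. The helper name build_doctor_query, the ph argument and the sample rows are assumptions made for the demo; sqlite3 with "?" placeholders is used only so it runs offline, whereas a Django or MySQL cursor takes "%s".

```python
import sqlite3

def build_doctor_query(specialities, limit, ph="%s"):
    """Return (sql, params) with one LIKE placeholder per speciality.

    ph is the driver's placeholder: "%s" for Django/MySQL cursors,
    "?" for sqlite3 (used below only so the demo runs offline).
    """
    if not specialities:
        raise ValueError("no specialities to search for")
    likes = " OR ".join(f"Speciality LIKE {ph}" for _ in specialities)
    sql = ("SELECT DoctorName, Speciality, ClinicName FROM Doctors "
           f"WHERE {likes} LIMIT {ph}")
    # Wildcards go into the bound values, never into the SQL text.
    params = [f"%{s}%" for s in specialities] + [int(limit)]
    return sql, params

def demo():
    con = sqlite3.connect(":memory:")
    cur = con.cursor()
    cur.execute("CREATE TABLE Doctors "
                "(DoctorName TEXT, Speciality TEXT, ClinicName TEXT)")
    # Constructed sample rows.
    cur.executemany("INSERT INTO Doctors VALUES (?, ?, ?)", [
        ("Dr. A", "Cardiology", "Clinic 1"),
        ("Dr. B", "Neurology", "Clinic 2"),
        ("Dr. C", "Dermatology", "Clinic 3"),
    ])
    specialities = ["Cardio", "Neuro"]

    # The question's approach: the whole condition is bound as ONE value,
    # so Speciality is compared against that literal text (quotes, "or"
    # and all) and no row matches.
    condition = "".join("'%" + s + "%' or Speciality like "
                        for s in specialities)
    cur.execute("SELECT DoctorName FROM Doctors "
                "WHERE Speciality LIKE ? LIMIT ?", (condition, 10))
    broken = cur.fetchall()

    # One placeholder per speciality: SQL structure stays in the query
    # string, data stays in the parameter list.
    sql, params = build_doctor_query(specialities, 10, ph="?")
    cur.execute(sql, params)
    fixed = sorted(row[0] for row in cur.fetchall())
    con.close()
    return broken, fixed
```
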