Updated: 2023-01-21 12:49:19
This is possibly an escaping issue. It would be safer if you passed the values as a list of parameters to execute() rather than manually building a string. This will ensure that they are correctly escaped.
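# Table and column names cannot be bound as parameters; take them from a trusted source
insert = 'INSERT INTO {} ('.format(table) + ', '.join(headers) + ') VALUES ({})' \
    .format(', '.join(len(headers) * '?'))  # Add parameter placeholders as ?
for row in csvFile:
    # Build a real list: on Python 3, map() returns an iterator, which execute() may reject
    values = [x.strip() for x in row]  # No need for the quotes
    cursor.execute(insert, values)  # Pass the list of values as 2nd argument
conn.commit()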
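A self-contained version of the same approach, added here as an example and not part of the original answer: values are bound through `?` placeholders, while the table and column names, which cannot be bound, are validated against a strict pattern before being formatted into the statement. It assumes SQLite via the standard `sqlite3` module; `SAMPLE_CSV`, `quote_ident`, `load_csv` and `demo` are hypothetical names, and the CSV data is constructed.

```python
import csv
import io
import re
import sqlite3

# Constructed sample input: values contain quotes, commas and SQL punctuation.
SAMPLE_CSV = '''name,note
O'Brien,"said ""hi"", then left"
Robert,"x'); DELETE FROM people; --"
'''

IDENT = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$')

def quote_ident(name):
    """Identifiers cannot be bound as parameters, so validate, then quote them."""
    if not IDENT.match(name):
        raise ValueError('unsafe identifier: {!r}'.format(name))
    return '"{}"'.format(name)

def load_csv(conn, table, text):
    reader = csv.reader(io.StringIO(text))
    headers = [h.strip() for h in next(reader)]
    cols = ', '.join(quote_ident(h) for h in headers)
    marks = ', '.join('?' * len(headers))  # one placeholder per column
    tbl = quote_ident(table)
    conn.execute('CREATE TABLE IF NOT EXISTS {} ({})'.format(tbl, cols))
    insert = 'INSERT INTO {} ({}) VALUES ({})'.format(tbl, cols, marks)
    rows = [[v.strip() for v in row] for row in reader if row]
    for row in rows:
        if len(row) != len(headers):
            raise ValueError('row width mismatch: {!r}'.format(row))
    with conn:  # commit on success, roll back on error
        conn.executemany(insert, rows)  # values travel as data, never as SQL text
    return len(rows)

def demo():
    conn = sqlite3.connect(':memory:')
    count = load_csv(conn, 'people', SAMPLE_CSV)
    stored = conn.execute('SELECT name, note FROM people ORDER BY rowid').fetchall()
    return count, stored

if __name__ == '__main__':
    print(demo())
```

Both rows are stored byte for byte as they appear in the CSV, and a header or table name containing anything outside the identifier pattern is rejected before any SQL is built.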