這是使用MySQLdb的與python3.6防止SQL注入MySQLdb的python3.6
import MySQLdb
# start connection
db = MySQLdb.connect("localhost", "root", "asdf", "projecten")
# create cursor
c = db.cursor()
# insert multiple records using a tuple
cities = [
('Boston', 'MA', 600000),
('Chicago', 'IL', 2700000),
('Houston', 'TX', 2100000),
('Phoenix', 'AZ', 1500000)
]
# sql statement
sql = "INSERT INTO projecten.population(city, state, population) VALUES(%s, %s, %s)"
# insert data into table with list cities
c.executemany(sql, cities)
# commit changes
db.commit()
# close connection
db.close()
我的腳本這是對安全的SQL注入,因爲一些人使用?代替%S,但是,python3.6不工作
你的問題到底是什麼?因爲你使用%s而不是... –