MySQLdb存入HTML字符串的问题Python codesql INSET INTO Info VALUES(null,%s,%s,%s,%s,%s,%s,
MySQLdb存入HTML字符串的问题
Python codesql = "INSET INTO Info VALUES(null,%s,'%s','%s','%s',%s,'%s',%s,%s,%s)" cur = self.db.cursor() try: v = [] for i in self.informations: v.append((i.source.id, i.title, i.content, i.time, i.scratchtime, i.url, i.value, i.memo, i.importance)) return cur.executemany(sql, v) finally: cur.close()
其中i.content是html的字符串,所以就在这里报错了。错误信息如下:
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSET INTO Info VALUES(null,1,''\xe6\x9f\x90GPS\xe7\xb3\xbb\xe7\xbb\x9f\xe4\xb8\xa5\xe9\x87\x8d\xe9\x97\xae\xe9\xa2\x98\xef\xbc\x8c\xe5\x8f\xaf\xe6\x8e\xa7\xe5\x88\xb65400\xe5\xa4\x9a\xe8\xbe\x86' at line 1")
我在想是不是因为html字符串中有类似',"之类的造成 像sql injection一样的注入的问题。
请问我该怎样存此等字符串,谢谢
[解决办法]进行转义?
