Question
I've been trying to make a parameterized SQL query with Python 3 and the sqlite module and succeeded with just one variable. However, when using two variables, I get an IndexError: tuple index out of range error. Any suggestions as to what is causing this error?
sql = ("select exists(SELECT * from USERS where PASSWORD = '{0}' AND USERNAME = '{1}')")
args = (var1,var2)
cursor = database_connection.execute((sql).format(args))
Answer 1:
Never fill in raw entries in your SQL command; this is calling for SQL injection attacks.
Use the built-in fill-in function.
sql = "select exists(SELECT * from USERS where PASSWORD = ? AND USERNAME = ?)"
args = (var1,var2)
cursor = database_connection.execute(sql, args)
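
The following is an added example, not code from the question or the answer. It reproduces the `IndexError` (the tuple is passed to `format` as one argument, so `{1}` has nothing to index) and runs the formatted query beside the parameterized one against a constructed in-memory `USERS` table; the function names and the sample row are assumptions made for illustration.

```python
import sqlite3

FORMAT_SQL = ("select exists(SELECT * from USERS "
              "where PASSWORD = '{0}' AND USERNAME = '{1}')")
PARAM_SQL = ("select exists(SELECT * from USERS "
             "where PASSWORD = ? AND USERNAME = ?)")


def make_db():
    """Constructed sample data: an in-memory database with one user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (USERNAME TEXT, PASSWORD TEXT)")
    conn.execute("INSERT INTO USERS VALUES (?, ?)", ("alice", "s3cret"))
    return conn


def format_raises_index_error(args):
    """format(args) receives ONE positional argument (the tuple itself),
    so '{0}' is the whole tuple and '{1}' is out of range."""
    try:
        FORMAT_SQL.format(args)
    except IndexError:
        return True
    return False


def exists_formatted(conn, password, username):
    """Vulnerable form: the values become part of the SQL text, so any
    quote character in them changes how the statement is parsed."""
    sql = FORMAT_SQL.format(password, username)  # same as format(*args)
    return bool(conn.execute(sql).fetchone()[0])


def exists_parameterized(conn, password, username):
    """Hardened form: the values are bound to the ? placeholders and are
    only ever compared as data, never parsed as SQL."""
    return bool(conn.execute(PARAM_SQL, (password, username)).fetchone()[0])


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("format(args) raises IndexError:",
          format_raises_index_error(("s3cret", "alice")))
    print("formatted, crafted input:    ",
          exists_formatted(db, "wrong", crafted))
    print("parameterized, crafted input:",
          exists_parameterized(db, "wrong", crafted))
```

Unpacking with `format(*args)` would make the original error go away, but the query would then behave like `exists_formatted` above, which is why the answer binds the values instead.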
Source: https://stackoverflow.com/questions/45343175/python-3-sqlite-parameterized-sql-query