防止 SQL 注入
- import mysql.connector
- mydb = mysql.connector.connect(
- host="localhost",
- user="myusername",
- passwd="mypassword",
- database="mydatabase"
- )
- mycursor = mydb.cursor()
- sql = "SELECT * FROM customers WHERE address = %s"
- adr = ("Yellow Garden 2", )
- mycursor.execute(sql, adr)
- myresult = mycursor.fetchall()
- for x in myresult:
- print(x)