我正在尝试基于简单的正则表达式%value%在Python中搜索SQLite数据库。但是,当尝试使用绑定来防止SQL注入时,sqlite3无法识别?当被百分号包围时作为绑定。在正则表达式中使用sqlite3时,如何使其能够识别我的绑定?
SELECT * FROM opportunities WHERE LOWER(title) LIKE LOWER('%?%');
运行方式
print(sql, values)
cursor.execute(sql, ('somequery',))
返回
SELECT * FROM opportunities WHERE LOWER(title) LIKE LOWER('%?%'); ('somequery',)
Traceback (most recent call last):
File "[REDACTED]", line 86, in <module>
opportunitiesSearchResults = databaseFunctions.searchOpportunities(memCursor, currentFilter)
File "[REDACTED]", line 102, in searchOpportunities
cursor.execute(sql, values)
sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 0, and there are 1 supplied.
?
用引号引起来不是占位符。您需要将其从引号中删除。