pypyodbc如何将变量插入execute语句？

Question

我正在使用Python3.3、pypyodbc 1.2.1和一个Quickbooks 12公司文件，该文件正在Flexquarters版本14上进行访问。我对编程和python很陌生，所以仍然在学习:)我可以使用pypyodbc示例运行一个查询，并产生预期的结果。

注意执行中的硬编码电子邮件地址。这项工作如预期的那样：

def get_customer_id(search_col,search_str):
    '''(str,str) --> str

    >>>get_customer_id(email, foo@foo.com)
    80000001-1385782702
    '''
    cur.execute("SELECT listid FROM CUSTOMER WHERE email='foo@foo.com'")
    for row in cur.fetchall():
        for field in row: 
            return field

如果我试图使用我从pypyodbc文档中读取的参数做同样的事情，我会抛出一个错误。我觉得引号和参数标记有问题。

def get_customer_id(search_col,search_str):
    '''(str,str) --> str

    >>>get_customer_id(email, foo@foo.com)
    80000001-1385782702
    '''
    cur.execute("SELECT listid FROM CUSTOMER WHERE email=?",(search_str,))
    for row in cur.fetchall():
        for field in row: 
            return field

想变得更像蟒蛇？我真的很想重用这个函数来搜索不同的列。类似于：

cur.execute("SELECT listid FROM CUSTOMER WHERE search_str=search_col")

我看过其他几个线程，其中大多数似乎只是处理参数，而不是要搜索的列。有人能帮我学到这个吗？

PS忘了包括回溯：

Traceback (most recent call last):
  File "C:\Users\Mike\Documents\Projects\qb_sync\quickbooks.py", line 32, in <module>
    print(get_customer_id('email','foo@foo.com'))
  File "C:\Users\Mike\Documents\Projects\qb_sync\quickbooks.py", line 27, in get_customer_id
    cur.execute("SELECT listid FROM CUSTOMER WHERE email=?",[search_str,])
  File "C:\Python\lib\site-packages\pypyodbc.py", line 1457, in execute
    self._BindParams(param_types)
  File "C:\Python\lib\site-packages\pypyodbc.py", line 1420, in _BindParams
    check_success(self, ret)
  File "C:\Python\lib\site-packages\pypyodbc.py", line 982, in check_success
    ctrl_err(SQL_HANDLE_STMT, ODBC_obj.stmt_h, ret, ODBC_obj.ansi)
  File "C:\Python\lib\site-packages\pypyodbc.py", line 960, in ctrl_err
    raise Error(state,err_text)
pypyodbc.Error: ('HY004', '[HY004] [Microsoft][ODBC Driver Manager] SQL data type out of range')
[Finished in 1.7s]

Answer 1

我觉得用的是

cur.execute("""SELECT listid FROM CUSTOMER WHERE ?=?""",[column, email])

不能接受数据库引擎而不是pypyodbc或任何其他odbc接口。它是数据库引擎，拒绝接受对列名使用参数的查询。

您可能不得不尝试这样做，而不是重用该函数：

# First construct your dynamic query for the targeted column
sql = """SELECT listid FROM CUSTOMER WHERE %s=?""" %(column) 

# Then provide the dynamic value for the dynamic query string
cur.execute(sql, (value,))

Answer 2

到目前为止，我得到了1/2的答案。这适用于一个参数，如果我在调用函数之前格式化字符串；

print(get_custid_email(b'foo@foo.org'))

cur.execute("""SELECT listid FROM CUSTOMER WHERE email=?""",[email])

不过，我还是不能让它用列名来做同样的事情。

print(get_custid_email(b'email',b'foo@foo.org'))

cur.execute("""SELECT listid FROM CUSTOMER WHERE ?=?""",[column, email])

这会引发一个不同的错误：

Traceback (most recent call last):
  File "C:\Users\Mike\Documents\Projects\qb_sync\quickbooks.py", line 34, in <module>
    print(get_custid_email(b'wendy.lindsay@gmail.com'))
  File "C:\Users\Mike\Documents\Projects\qb_sync\quickbooks.py", line 29, in get_custid_email
    cur.execute("""SELECT listid FROM CUSTOMER WHERE ?=?""",['email',email])
pyodbc.ProgrammingError: ('42S00', '[42S00] [QODBC] Data type of parameter cannot be determined (11023) (SQLPrepare)')