You can only use "?" for parameter values; you cannot use it for table or column names.
You can build a dictionary of predefined queries instead.

    queries = {
        "foo": "SELECT * FROM PacketManager WHERE foo = ?",
        "bar": "SELECT * FROM PacketManager WHERE bar = ?",
        "foo_bar": "SELECT * FROM PacketManager WHERE foo = ? AND bar = ?",
    }

    # count == 1: look up the query by column name, bind the value as a tuple
    cursor.execute(queries[filters[0]], (parameters[0],))

    # count == 2: the key is built from the two column names, both values are bound
    cursor.execute(queries[filters[0] + "_" + filters[1]], (parameters[0], parameters[1]))

This approach will let you avoid SQL injection through filters[0].
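A generalisation of the dictionary approach above, added here as an example that is not part of the original answer: instead of enumerating every combination of columns, each requested column name is checked against a fixed allowlist and the WHERE clause is assembled only from names that pass, while the values still travel through "?" placeholders. The table PacketManager, the columns foo and bar, the sample rows and the function names are assumptions made for this example.

```python
import sqlite3

# Assumed table and column allowlist for this example (not from the original answer).
ALLOWED_COLUMNS = frozenset({"foo", "bar"})
TABLE = "PacketManager"


def build_query(filters):
    """Return a parameterised SELECT for the given column names.

    Column names cannot be bound with '?', so each one is checked against a
    fixed allowlist; anything else is rejected before it reaches the SQL text.
    """
    if not filters:
        raise ValueError("at least one filter column is required")
    for name in filters:
        if name not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {name!r}")
    where = " AND ".join(f'"{name}" = ?' for name in filters)
    return f'SELECT * FROM "{TABLE}" WHERE {where}'


def run_filtered(conn, filters, parameters):
    """Execute the allowlisted query; the values are bound as '?' parameters."""
    if len(filters) != len(parameters):
        raise ValueError("one parameter per filter column is required")
    return conn.execute(build_query(filters), tuple(parameters)).fetchall()


def demo_connection():
    """Constructed in-memory database with a few sample rows (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "PacketManager" (id INTEGER PRIMARY KEY, foo TEXT, bar TEXT)')
    conn.executemany(
        'INSERT INTO "PacketManager" (foo, bar) VALUES (?, ?)',
        [("a", "x"), ("a", "y"), ("b", "x")],
    )
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(run_filtered(conn, ["foo"], ["a"]))               # two rows
    print(run_filtered(conn, ["foo", "bar"], ["a", "x"]))   # one row
    try:
        run_filtered(conn, ["not_a_column"], ["ignored"])
    except ValueError as exc:
        print("rejected:", exc)                             # unknown column never reaches SQL
```

The allowlist is the only thing standing between user input and the SQL text, so it must be a closed set defined in code, never derived from the request; the values themselves are still never interpolated into the string.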



