token=uuid.uuid4().bytes.encode("base64")
expires=datetime.now()+timedelta(days=1)
print token
print expires
con = sqlite3.connect(dbpath,detect_types=sqlite3.PARSE_DECLTYPES)
cur = con.cursor()
cur.execute(
"INSERT INTO token VALUES ('%s', ?)" %
(token,expires))
a=cur.fetchone()
con.commit()
con.close()
Table: CREATE TABLE token (token varchar(255), expires DATE);
Error: TypeError: not all arguments converted during string formatting
Never use the % operator with SQL; it can lead to SQL injection. Fix your execute statement like this:
cur.execute("INSERT INTO token VALUES (?, ?)", (token,expires))
Actually, there is another problem: you can't use cur.fetchone() after INSERT.
Complete example:
$ sqlite3 test.db
sqlite> create table token (token text primary key, expires text);
$ python
>>> import sqlite3
>>> from datetime import datetime, timedelta
>>> from uuid import uuid4
>>> token = uuid4().bytes.encode("base64")
>>> expires = datetime.now() + timedelta(days=1)
>>> conn = sqlite3.connect("test.db")
>>> cur = conn.cursor()
>>> cur.execute("INSERT INTO token VALUES (?, ?)", (token, expires))
<sqlite3.Cursor object at 0x7fdb18c70660>
>>> cur.execute("SELECT * FROM token")
<sqlite3.Cursor object at 0x7fdb18c70660>
>>> cur.fetchone()
(u'9SVqLgL8ShWcCzCvzw+2nA==\n', u'2011-04-18 15:36:45.079025')
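The three points from the answer above in one Python 3 script, as an added example that is not part of the original post: why the question's statement raises TypeError, how a %-formatted INSERT stores something other than the value passed in, and what fetchone() returns after a bound INSERT. The helper names, the HOSTILE sample value and the in-memory database are assumptions made for the illustration.

```python
import base64
import sqlite3
from datetime import datetime, timedelta
from uuid import uuid4

# Constructed input: a "token" value carrying a quote and extra SQL text.
HOSTILE = "x', '9999-12-31'), ('forged"


def new_token():
    # Python 3 spelling of the page's uuid4().bytes.encode("base64").
    return base64.b64encode(uuid4().bytes).decode("ascii")


def original_error(token, expires):
    # The question's statement: one %s, two-item tuple; % fails before sqlite3 runs.
    try:
        return "INSERT INTO token VALUES ('%s', ?)" % (token, expires)
    except TypeError as exc:
        return str(exc)


def insert_formatted(con, token, expires):
    # Pattern the answer warns against: values become part of the SQL text.
    con.execute("INSERT INTO token VALUES ('%s', '%s')" % (token, expires))


def insert_bound(con, token, expires):
    # The answer's fix: both values are bound parameters, never parsed as SQL.
    cur = con.execute("INSERT INTO token VALUES (?, ?)", (token, expires))
    return cur.fetchone()  # INSERT produces no rows, so this is None


def stored_rows(insert, token):
    # Run one insert against a fresh in-memory database and read it back.
    expires = (datetime.now() + timedelta(days=1)).isoformat(" ")
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE token (token text primary key, expires text)")
    insert(con, token, expires)
    rows = con.execute("SELECT token, expires FROM token ORDER BY token").fetchall()
    con.close()
    return rows


if __name__ == "__main__":
    print(original_error(new_token(), "2011-04-18"))
    print(stored_rows(insert_formatted, HOSTILE))  # two rows, one with a forged expiry
    print(stored_rows(insert_bound, HOSTILE))      # one row, token stored verbatim
```

The expires value is stored as an ISO-format string here, which matches the `expires text` column in the answer's table.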