TypeError: simple_query() takes 2 positional arguments but 3 were given

Question

Code:

from tkinter import *
import tkinter as tk
import mysql.connector

def main():
    root = tk.Tk()
    app = MainWindow(root)
    root.mainloop()

class mySQL:
    def __init__(self):
        #MySQL Credentials
        self.db = mysql.connector.connect(
        host="XXXX-XX99",
        user="root",
        passwd="TEST",
        database="technical")
        #Cursor
        self.cursor = self.db.cursor()

    def simple_query(self,sql):
        self.cursor.execute(sql)


class MainWindow:
    def __init__(self,master):
        self.master = master
        self.master.state('zoomed')
        self.master.geometry('400x700')
        self.frame = Frame(self.master)
        self.frame.pack(fill="both", expand=True)
        #Entries and text-box
        self.nameLabel = Label(self.frame, text = "Name of Person Making Request:")
        self.nameEntry = Entry(self.frame)
        # Buttons
        self.btn = Button(self.frame, text = "Submit", command = self.sendData)
        # Organizing above^
        self.nameLabel.pack()
        self.nameEntry.pack()
        self.btn.pack()

    def sendData(self):
        x = mySQL()

        #Values
        values = (
        self.nameEntry.get(),
        )

        #Insert Command
        x.simple_query("INSERT INTO document_control (person) values ('%s')", values)


if __name__ == '__main__':
    main()

Goal:

My class mySQL and its function simple_query(self,sql) are used in my class MainWindow in function sendData(self) (see x.query("INSERT...")). I am trying to make this work: simply insert values into MySQL.

When I press the Submit button (which activates function sendData(self)), this error comes up:

TypeError: simple_query() takes 2 positional arguments but 3 were given

I am not quite sure why the output is TypeError.

Where am I going wrong here? Which section of the code do I need to change? And what needs changing?

Answer 1

Score: 2

def simple_query(self, sql):
    self.cursor.execute(sql)

and

x.simple_query("INSERT INTO document_control (person) values ('%s')", values)

Here you are passing 2 arguments to simple_query (the query string and values) but it only accepts one, sql (self is the instance, in this case x, and is passed implicitly).

Other answers make your code work, but they also make it vulnerable to SQL injection (https://en.wikipedia.org/wiki/SQL_injection).

For example, if someone were to enter the string a'); delete from document_control; -- in the GUI then the executed query will be

INSERT INTO document_control (person) values ('a'); delete from document_control; -- ')

Not so good...

Instead of using string interpolation you should use a parameterized query. It can be done by allowing simple_query to accept an optional arguments tuple.

def simple_query(self, sql, args=None):
    if not args:
        self.cursor.execute(sql)
    else:
        self.cursor.execute(sql, args)

Keep in mind that args should be a tuple or a list.
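
The parameterized fix from Answer 1, as an added example that is not part of the original answers. It uses Python's built-in sqlite3 in place of mysql.connector so it runs without a server (sqlite3's placeholder is ?, mysql.connector's is an unquoted %s); the Database class, the helper names and the O'Brien input are constructed for illustration.

```python
import sqlite3

# Constructed inputs: the string quoted in Answer 1, and an ordinary name.
PAYLOAD = "a'); delete from document_control; --"
APOSTROPHE_NAME = "O'Brien"


class Database:
    """Stand-in for the question's mySQL class, backed by in-memory SQLite
    (an assumption so the example runs without a MySQL server)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.cursor = self.db.cursor()
        self.cursor.execute("CREATE TABLE document_control (person TEXT)")

    def simple_query(self, sql, args=None):
        # Same shape as Answer 1's fix: values travel separately from the SQL.
        if args is None:
            self.cursor.execute(sql)
        else:
            self.cursor.execute(sql, args)
        # Neither driver persists an INSERT until commit() by default.
        self.db.commit()

    def people(self):
        self.cursor.execute("SELECT person FROM document_control")
        return [row[0] for row in self.cursor.fetchall()]


def interpolated_sql(name):
    # String interpolation: the input becomes part of the SQL text itself.
    return "INSERT INTO document_control (person) values ('%s')" % name


def insert_parameterized(db, name):
    # The driver binds the value; quotes inside it stay data.
    db.simple_query("INSERT INTO document_control (person) values (?)", (name,))


def demo():
    db = Database()
    try:
        db.simple_query(interpolated_sql(APOSTROPHE_NAME))
        broke = False
    except sqlite3.Error:
        broke = True  # even a benign apostrophe breaks the interpolated SQL
    for name in (APOSTROPHE_NAME, PAYLOAD):
        insert_parameterized(db, name)
    return broke, db.people()
```

With mysql.connector the same call is written with `values (%s)`, without the quotes around the placeholder that the question's statement has.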

Answer 2

Score: 1

Use the command

x.simple_query("INSERT INTO document_control (person) values ('%s')" %values)

I tested like

class Test():

    def simple_query(self, message):
        print(message)


x = Test()
values = 'asasda'
x.simple_query("INSERT INTO document_control (person) values ('%s')" %values)
