python mysql 防注入 list =['22222'] list[key] = '%'+item+'%' #这是重点 sql += ' {Connect} real_code like %s'.format(Connect=Connect) cursor = funs.con_db() cursor.execute(sql, tuple(list))