python执行sql语句里字符串格式化是否添加单引号的两种情况

 1  1 import pymysql
 2  2 
 3  3 db = pymysql.connect(host='localhost', user='root',  password='123456', database='jddj',port=3306)
 4  4 cursor = db.cursor()
 5  5 
 6  6 # 方式1：Python的字符串格式化，String类型需要加上单引号
 7  7 upc = '6971286372249'
 8  8 sql = "SELECT * FROM product WHERE upc='%s'" % upc
 9  9 cursor.execute(sql)
10 10 
11 11 # 方式2：pymysql里excute自带的字符串拼接，不需要加上单引号
12 12 sql = "SELECT * FROM product WHERE upc=%s"
13 13 cursor.execute(sql, '6971286372249')
14 14 
15 15 # 取出查询数据
16 16 data = cursor.fetchall()
17 17 
18 18 db.close()