1. sqlite3 标准库
标准库内置 SQLite 驱动,适合原型与嵌入式场景。生产可换 PostgreSQL/MySQL 驱动(如 psycopg、mysqlclient),连接 URL 与事务概念相通。
import sqlite3
conn = sqlite3.connect("app.db")
conn.execute(
"CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
)
conn.commit()2. 参数化查询(防注入)
# 使用占位符,勿拼接字符串
conn.execute("INSERT INTO users (name) VALUES (?)", ("alice",))
conn.execute("SELECT id, name FROM users WHERE name = ?", ("alice",))3. 事务
try:
conn.execute("UPDATE accounts SET balance = balance - 10 WHERE id = 1")
conn.execute("UPDATE accounts SET balance = balance + 10 WHERE id = 2")
conn.commit()
except Exception:
conn.rollback()
raise📋 本章要点
始终参数化 SQL;显式 commit/rollback;复杂项目可引入 SQLAlchemy 等 ORM。
评论加载中...