mdbq 3.8.12__py3-none-any.whl → 3.8.13__py3-none-any.whl

mdbq/__version__.py

@@ -1 +1 @@
-VERSION = '3.8.12'
+VERSION = '3.8.13'

mdbq/mysql/mysql.py

@@ -354,23 +354,6 @@ class MysqlUpload:
                         else:
                             sql = f"ALTER TABLE `{table_name}` ADD UNIQUE (`{col}`)"
                         cursor.execute(sql)
-                    # if col in main_key or col in unique_main_key:
-                    #     sql = f"SHOW INDEXES FROM `{table_name}` WHERE `Column_name` = %s"
-                    #     cursor.execute(sql, (col))
-                    #     result = cursor.fetchone()  # 检查索引是否存在
-                    #     if not result:
-                    #         if col in main_key:
-                    #             sql = f"CREATE INDEX index_name ON `{table_name}`(`{col}`);"
-                    #             logger.info(f"设置为索引: {col}({dtypes[col]})")
-                    #             cursor.execute(sql)
-                    #         elif col in unique_main_key:
-                    #             if dtypes[col] == 'mediumtext':
-                    #                 sql = f"CREATE INDEX UNIQUE index_name ON `{table_name}` (`{col}`({index_length}));"
-                    #             else:
-                    #                 sql = f"CREATE INDEX UNIQUE index_name ON `{table_name}` (`{col}`);"
-                    #             logger.info(f"设置唯一索引: {col}({dtypes[col]})")
-                    #             logger.info(sql)
-                    #             cursor.execute(sql)
             connection.commit()  # 提交事务
             """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
             """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
@@ -429,11 +412,23 @@ class MysqlUpload:
                                 # logger.info(sql)
                                 cursor.execute(sql)
                     else:  # 没有数据返回，则直接插入数据
-                        cols = ', '.join(f"`{item}`" for item in dict_data.keys())  # 列名需要转义
-                        # data.update({item: f"{data[item]}" for item in data.keys()})  # 全部值转字符, 不是必须的
-                        values = ', '.join([f'"{item}"' for item in dict_data.values()])  # 值要加引号
-                        sql = f"INSERT INTO `{table_name}` ({cols}) VALUES ({values});"
-                        cursor.execute(sql)
+                        # cols = ', '.join(f"`{item}`" for item in dict_data.keys())  # 列名需要转义
+                        # # data.update({item: f"{data[item]}" for item in data.keys()})  # 全部值转字符, 不是必须的
+                        # values = ', '.join([f'"{item}"' for item in dict_data.values()])  # 值要加引号
+                        # sql = f"INSERT INTO `{table_name}` ({cols}) VALUES ({values});"
+                        # cursor.execute(sql)
+
+                        # 清理和验证列名
+                        safe_columns = [f"`{escape_string(str(col))}`" for col in dict_data.keys()]
+                        cols = ", ".join(safe_columns)
+                        # 使用参数化查询
+                        placeholders = ", ".join(["%s"] * len(dict_data))
+                        sql = f"INSERT INTO `{table_name}` ({cols}) VALUES ({placeholders})"
+                        # 转义值并作为参数传递
+                        escaped_values = [escape_string(str(v)) if isinstance(v, str) else v for v in
+                                          dict_data.values()]
+                        cursor.execute(sql, tuple(escaped_values))
+
                     connection.commit()  # 提交数据库
                     continue
 
@@ -559,23 +554,6 @@ class MysqlUpload:
                         else:
                             sql = f"ALTER TABLE `{table_name}` ADD UNIQUE (`{col}`)"
                         cursor.execute(sql)
-                    # if col in main_key or col in unique_main_key:
-                    #     sql = f"SHOW INDEXES FROM `{table_name}` WHERE `Column_name` = %s"
-                    #     cursor.execute(sql, (col))
-                    #     result = cursor.fetchone()  # 检查索引是否存在
-                    #     if not result:
-                    #         if col in main_key:
-                    #             sql = f"CREATE INDEX index_name ON `{table_name}`(`{col}`);"
-                    #             logger.info(f"设置为索引: {col}({dtypes[col]})")
-                    #             cursor.execute(sql)
-                    #         elif col in unique_main_key:
-                    #             if dtypes[col] == 'mediumtext':
-                    #                 sql = f"CREATE INDEX UNIQUE index_name ON `{table_name}` (`{col}`({index_length}));"
-                    #             else:
-                    #                 sql = f"CREATE INDEX UNIQUE index_name ON `{table_name}` (`{col}`);"
-                    #             logger.info(f"设置唯一索引: {col}({dtypes[col]})")
-                    #             logger.info(sql)
-                    #             cursor.execute(sql)
             connection.commit()  # 提交事务
             """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
             """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
@@ -631,11 +609,22 @@ class MysqlUpload:
                             # logger.info(sql)
                             cursor.execute(sql)
                 else:  # 没有数据返回，则直接插入数据
-                    cols = ', '.join(f"`{item}`" for item in dict_data.keys())  # 列名需要转义
-                    # data.update({item: f"{data[item]}" for item in data.keys()})  # 全部值转字符, 不是必须的
-                    values = ', '.join([f'"{item}"' for item in dict_data.values()])  # 值要加引号
-                    sql = f"INSERT INTO `{table_name}` ({cols}) VALUES ({values});"
-                    cursor.execute(sql)
+                    # cols = ', '.join(f"`{item}`" for item in dict_data.keys())  # 列名需要转义
+                    # # data.update({item: f"{data[item]}" for item in data.keys()})  # 全部值转字符, 不是必须的
+                    # values = ', '.join([f'"{item}"' for item in dict_data.values()])  # 值要加引号
+                    # sql = f"INSERT INTO `{table_name}` ({cols}) VALUES ({values});"
+                    # cursor.execute(sql)
+
+                    # 构建安全的INSERT语句
+                    safe_keys = [f"`{escape_string(str(k))}`" for k in dict_data.keys()]
+                    keys_data = ", ".join(safe_keys)
+                    placeholders = ", ".join(["%s"] * len(dict_data))
+
+                    # 使用参数化查询
+                    sql = f"INSERT INTO `{table_name}` ({keys_data}) VALUES ({placeholders}) ON DUPLICATE KEY UPDATE {update_datas}"
+                    escaped_values = [escape_string(str(v)) if isinstance(v, str) else v for v in dict_data.values()]
+                    cursor.execute(sql, tuple(escaped_values))
+
                 connection.commit()  # 提交数据库
                 connection.close()
                 return
@@ -677,9 +666,8 @@ class MysqlUpload:
             if str(v) == '':
                 v = 0
             v = str(v)
-            # v = re.sub('^-$|^--$|^nan$|^null$', '0', v, re.I)
-            # v = re.sub(',|="|"', '', v, re.I)
             v = re.sub('^="|"$', '', v, re.I)
+            v = re.sub(r'[\x00-\x1F\x7F-\x9F]', '', str(v))  # 移除控制字符
             if re.findall(r'^[-+]?\d+\.?\d*%$', v):
                 v = str(float(v.rstrip("%")) / 100)
 

{mdbq-3.8.12.dist-info → mdbq-3.8.13.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: mdbq
-Version: 3.8.12
+Version: 3.8.13
 Home-page: https://pypi.org/project/mdbq
 Author: xigua, 
 Author-email: 2587125111@qq.com

{mdbq-3.8.12.dist-info → mdbq-3.8.13.dist-info}/RECORD

@@ -1,5 +1,5 @@
 mdbq/__init__.py,sha256=Il5Q9ATdX8yXqVxtP_nYqUhExzxPC_qk_WXQ_4h0exg,16
-mdbq/__version__.py,sha256=Z4fNVSgyq1SukYbN9PNs-2zCbMVcI9eO75ErgL1qq4w,18
+mdbq/__version__.py,sha256=cmqMpHGJCaMGsHUAVyC67-oQIJBBnfayuPIXO2haNMo,18
 mdbq/aggregation/__init__.py,sha256=EeDqX2Aml6SPx8363J-v1lz0EcZtgwIBYyCJV6CcEDU,40
 mdbq/aggregation/query_data.py,sha256=9doVoOBEaLyHlT0fVEXpWtwLLV4NhpQs17kHQQ0p3ys,185443
 mdbq/config/__init__.py,sha256=jso1oHcy6cJEfa7udS_9uO5X6kZLoPBF8l3wCYmr5dM,18
@@ -7,7 +7,7 @@ mdbq/config/config.py,sha256=eaTfrfXQ65xLqjr5I8-HkZd_jEY1JkGinEgv3TSLeoQ,3170
 mdbq/log/__init__.py,sha256=Mpbrav0s0ifLL7lVDAuePEi1hJKiSHhxcv1byBKDl5E,15
 mdbq/log/spider_logging.py,sha256=-ozWWEGm3HVv604ozs_OOvVwumjokmUPwbaodesUrPY,1664
 mdbq/mysql/__init__.py,sha256=A_DPJyAoEvTSFojiI2e94zP0FKtCkkwKP1kYUCSyQzo,11
-mdbq/mysql/mysql.py,sha256=bYwzqB3oMUbTRlIWUdZCXso9oll1vHbcNvvBzT3AsKA,78967
+mdbq/mysql/mysql.py,sha256=xCWY-np41FE1yrQqVWs0AzKZK9DHDFlZ_gbnog5LaNY,77860
 mdbq/mysql/s_query.py,sha256=X055aLRAgxVvueXx4NbfNjp6MyBI02_XBb1pTKw09L0,8660
 mdbq/other/__init__.py,sha256=jso1oHcy6cJEfa7udS_9uO5X6kZLoPBF8l3wCYmr5dM,18
 mdbq/other/download_sku_picture.py,sha256=YU8DxKMXbdeE1OOKEA848WVp62jYHw5O4tXTjUdq9H0,44832
@@ -21,7 +21,7 @@ mdbq/redis/__init__.py,sha256=YtgBlVSMDphtpwYX248wGge1x-Ex_mMufz4-8W0XRmA,12
 mdbq/redis/getredis.py,sha256=Uk8-cOWT0JU1qRyIVqdbYokSLvkDIAfcokmYj1ebw8k,24104
 mdbq/spider/__init__.py,sha256=RBMFXGy_jd1HXZhngB2T2XTvJqki8P_Fr-pBcwijnew,18
 mdbq/spider/aikucun.py,sha256=m7ZIvrc9pqoGCYEH3FtgKTwqhX7QB6qzgc2twDzhX4w,19962
-mdbq-3.8.12.dist-info/METADATA,sha256=IkddKvTvsNeBEFDqgpNfJOcJj0kkOy1TFt6wKoNiQYw,364
-mdbq-3.8.12.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
-mdbq-3.8.12.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
-mdbq-3.8.12.dist-info/RECORD,,
+mdbq-3.8.13.dist-info/METADATA,sha256=HEw9yfBRwMt6PWbT5Mr1O6pwyYaZVKCT0Yf6qt8hrzU,364
+mdbq-3.8.13.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
+mdbq-3.8.13.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
+mdbq-3.8.13.dist-info/RECORD,,