2025: [288] About MySQL Error 1064

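MySQL error 1064 is raised when there is something wrong with the SQL statement itself; that is, it is an SQL syntax error. I usually work with MySQL through the MySQL-python library, and the line that raises this error is typically cursor.execute(sql, param).

This parameterized way of executing SQL effectively prevents SQL injection, so why does MySQL report an error? If you are sure the SQL itself is correct, check whether the SQL statement contains quotes.

With cursor.execute(sql, param), the MySQL-python library automatically escapes and quotes the strings substituted for %s, so do not add quotes around %s in the SQL statement yourself; doing so produces error 1064.

Many people instead use cursor.execute(sql % param), a form that is open to SQL injection; with that form you can put quotes around %s.

How much weight the security risk deserves is a judgment I trust readers can make for themselves.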


When operating on MySQL with pymysql, passing parameters to execute through %s failed. The failing code is:

    table="huxing_table"
    key="house_structure_page_url"
    value="test"
    cursor=db.cursor()
    cursor.execute("INSERT INTO %s (%s) VALUES(%s)",(table,key,value))
    db.commit()
    cursor.close()

The error output was:

    Traceback (most recent call last):
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 112, in execute
        result = self._query(query)
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 230, in _query
        conn.query(q)
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 607, in query
        self._affected_rows = self._read_query_result()
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 691, in _read_query_result
        result.read()
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 869, in read
        self.first_packet = self.connection.read_packet()
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 686, in read_packet
        packet.check_error()
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 328, in check_error
        raise_mysql_exception(self.__data)
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/err.py", line 142, in raise_mysql_exception
        _check_mysql_exception(errinfo)
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/err.py", line 135, in _check_mysql_exception
        raise errorclass(errno,errorvalue)
    pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''huxing_table' ('house_structure_page_url') VALUES('test')' at line 1")

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/Users/huangjing/downHouseInfo/MainF.py", line 238, in <module>
        cursor.execute("INSERT INTO %s (%s) VALUES(%s)",(table,key,value))
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 117, in execute
        self.errorhandler(self, exc, value)
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/connections.py", line 189, in defaulterrorhandler
        raise errorclass(errorvalue)
    pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''huxing_table' ('house_structure_page_url') VALUES('test')' at line 1")
    Exception ignored in: <bound method Cursor.__del__ of <pymysql.cursors.Cursor object at 0x10585ebe0>>
    Traceback (most recent call last):
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 41, in __del__
      File "/Users/huangjing/Library/Python/3.5/lib/python/site-packages/pymysql/cursors.py", line 47, in close
    ReferenceError: weakly-referenced object no longer exists

However, executing

    cursor.execute("INSERT INTO huxing_table (house_structure_page_url) VALUES(%s)",(value))

raised no error.


Line 31 of the error output shows that, in the MySQL statement actually executed, each parameter substituted for %s has been wrapped in single quotes:

    ''huxing_table' ('house_structure_page_url') VALUES('test')'

Testing in the mysql command-line client, the statement

    mysql> insert into huxing_table (`house_structure_page_url`) values("test");
    Query OK, 1 row affected (0.00 sec)

raises no error, whereas

    mysql> insert into huxing_table ('house_structure_page_url') values("test");
    ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''house_structure_page_url') values("test")' at line 1

does raise one. Checking further,

    mysql> insert into huxing_table (house_structure_page_url) values('test');
    Query OK, 1 row affected (0.00 sec)

succeeds, while

    mysql> insert into 'huxing_table' (house_structure_page_url) values("test");
    ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''huxing_table' (house_structure_page_url) values("test")' at line 1

fails. This shows that in a MySQL INSERT statement, table names and column names must not be wrapped in single quotes, while values may be.
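The two failures described above (quotes written around %s, and identifiers passed as parameters) can be reproduced offline, next to one way to keep the value parameterized when the table and column names vary. This is an added example, not code from the original post or from pymysql: `ALLOWED`, `quote_ident`, `build_insert` and the table `t` / column `c` are hypothetical names, and `render_like_driver` is a simplified stand-in for the driver's client-side escaping, not its real implementation.

```python
# Added example; render_like_driver() is a simplified model, not pymysql code.

# Assumption: tables/columns the application may write to (constructed).
ALLOWED = {"huxing_table": {"house_structure_page_url"}}


def quote_ident(name):
    """Backtick-quote a MySQL identifier, doubling any embedded backtick."""
    return "`" + name.replace("`", "``") + "`"


def build_insert(table, column):
    """Inline allowlisted identifiers; leave the value as a %s placeholder."""
    if column not in ALLOWED.get(table, ()):
        raise ValueError("identifier not allowed: %r.%r" % (table, column))
    return "INSERT INTO {} ({}) VALUES (%s)".format(
        quote_ident(table), quote_ident(column))


def render_like_driver(sql, params):
    """Model of client-side substitution: each str parameter becomes an
    escaped, single-quoted literal before the statement is sent."""
    def literal(value):
        if isinstance(value, str):
            escaped = value.replace("\\", "\\\\").replace("'", "\\'")
            return "'" + escaped + "'"
        return str(value)
    return sql % tuple(literal(p) for p in params)


if __name__ == "__main__":
    table, key, value = "huxing_table", "house_structure_page_url", "test"
    # Identifiers passed as parameters arrive quoted as strings -> 1064.
    print(render_like_driver("INSERT INTO %s (%s) VALUES(%s)", (table, key, value)))
    # Hand-written quotes around %s double up -> 1064.
    print(render_like_driver("SELECT * FROM t WHERE c = '%s'", (value,)))
    # Identifiers validated and inlined, value bound as a parameter.
    sql = build_insert(table, key)
    print(render_like_driver(sql, (value,)))
    # With a real connection: cursor.execute(sql, (value,))
    try:
        build_insert("other_table", key)
    except ValueError as exc:
        print("rejected:", exc)
```

Only the value goes through the driver's parameter mechanism; the identifiers never come from unvalidated input, so the statement stays injection-safe without falling back to cursor.execute(sql % param).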
