Decimals are a fixed-point number that maps well onto the database's numeric type. They are really useful, but if I can't convince you to use them...

largest = [float(d[0]) for d in nlargest]

will give
Or better, since cur is an iterable:

cur.execute("SELECT desiredParams FROM tableOfInterest;")
nlargest = [float(g[0]) for g in heapq.nlargest(5, cur)]
To make it prettier:

cur.execute("SELECT param FROM tableOfInterest ORDER BY param DESC FIRST 5;")
nlargest = [float(r.param) for r in cur]
Or skip building the list and just do:

cur.execute("SELECT param FROM tableOfInterest ORDER BY param DESC FIRST 5;")
for param, in cur:
    stuff_to_do_with_first_5(float(param))
The bound way looks good but is actually bad (because of psycopg's poor handling of bound variables). The problem is that psycopg only %'s the values into the string, so it hides the ability to inject SQL into the string.

cur.execute("SELECT param FROM tableOfInterest ORDER BY param DESC FIRST %s;", (num_results,))

This way looks bad but is actually safer than the previous one:

cur.execute("SELECT param FROM tableOfInterest ORDER BY param DESC FIRST %d;" % num_results)
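An added example, not part of this answer, that puts the pieces above side by side: Decimal rows picked with heapq.nlargest in Python, the same top-5 done by the database, and a value passed into a query once as a driver-bound parameter and once by Python %-formatting. It uses the standard-library sqlite3 driver as a stand-in for psycopg2 so it runs offline (an assumption: sqlite3 uses ? placeholders where psycopg2 uses %s, and both SQLite and PostgreSQL write the row cut as LIMIT n). The table name is the answer's; the rows, the converter setup and the helper function names are constructed for the demo.

```python
import heapq
import sqlite3
from decimal import Decimal

# Assumption: the standard-library sqlite3 driver stands in for psycopg2 so
# this runs offline. psycopg2 hands NUMERIC columns back as Decimal; the
# adapter/converter pair below makes the stand-in do the same.
sqlite3.register_adapter(Decimal, str)
sqlite3.register_converter("NUMERIC", lambda raw: Decimal(raw.decode()))

# Constructed sample rows; the table name is the one used in the answer.
SAMPLE_ROWS = [
    ("a", Decimal("1.10")), ("b", Decimal("7.25")), ("c", Decimal("3.00")),
    ("d", Decimal("9.75")), ("e", Decimal("5.50")), ("f", Decimal("2.20")),
    ("o'brien", Decimal("4.40")),  # a value containing a quote character
]


def open_db():
    """Create an in-memory table whose param column comes back as Decimal."""
    conn = sqlite3.connect(":memory:", detect_types=sqlite3.PARSE_DECLTYPES)
    conn.execute("CREATE TABLE tableOfInterest (name TEXT, param NUMERIC)")
    conn.executemany("INSERT INTO tableOfInterest VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def top_n_in_python(conn, n):
    """Fetch every row, let heapq pick the n largest, convert to float last."""
    cur = conn.execute("SELECT param FROM tableOfInterest")
    # each row is a one-element tuple holding a Decimal, so tuples compare by value
    return [float(row[0]) for row in heapq.nlargest(n, cur)]


def top_n_in_sql(conn, n):
    """Let the database sort and cut; n travels as a bound parameter."""
    if not isinstance(n, int):  # the row count must be a number, never free text
        raise TypeError("row count must be an int")
    cur = conn.execute(
        "SELECT param FROM tableOfInterest ORDER BY param DESC LIMIT ?", (n,))
    return [float(param) for (param,) in cur]


def lookup_bound(conn, name):
    """Driver-level binding: the value is sent as data, quotes included."""
    cur = conn.execute("SELECT param FROM tableOfInterest WHERE name = ?", (name,))
    return [float(param) for (param,) in cur]


def lookup_formatted(conn, name):
    """Python %-formatting: the value is spliced into the SQL text itself."""
    sql = "SELECT param FROM tableOfInterest WHERE name = '%s'" % name
    cur = conn.execute(sql)
    return [float(param) for (param,) in cur]


def run_demo():
    """Run both top-5 strategies and both lookups against the same data."""
    conn = open_db()
    results = {
        "python_top5": top_n_in_python(conn, 5),
        "sql_top5": top_n_in_sql(conn, 5),
        "bound_quote": lookup_bound(conn, "o'brien"),
    }
    try:
        results["formatted_quote"] = lookup_formatted(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        # the quote inside the value broke the statement: the parser saw it as SQL, not data
        results["formatted_quote"] = "error: %s" % exc
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Both top-5 paths return the same floats, so the choice between them is about where the sorting happens, not the result. The bound lookup returns the row whose name contains a quote, while the %-formatted lookup hands that quote to the SQL parser and fails; that is the mechanism the answer is describing when it talks about values ending up inside the query string. The isinstance check in top_n_in_sql keeps the row count numeric, which is the one situation in which a %d-formatted integer can produce nothing but digits.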