# 1. 待删除的多个参数(业务传入) oenum_list = ["OE123", "OE456"] start_time = "2025-01-01 00:00:00" # 新增参数1:时间阈值 status = 0 # 新增参数2:状态值 # 2. 多参数防注入写法(仅需加新的占位符+传参) if oenum_list: # 核心校验仍保留 # ① SQL中定义多个占位符::ids / :start_time / :status sql = db.text(""" DELETE a, b, c FROM tables a LEFT JOIN tables b ON a.itemid = b.listing_id LEFT JOIN tables c ON a.itemid = c.itemid WHERE a.keyword IN :ids AND a.create_time < :start_time -- 新增参数1:时间条件 AND b.status = :status -- 新增参数2:状态条件 """) # ② 执行时传入字典,key对应占位符,值支持任意类型(自动转义) db.session.execute( sql, { "ids": tuple(oenum_list), # 列表转元组(IN条件必需) "start_time": start_time, # 字符串参数(自动加引号) "status": status # 数字参数(无需手动处理) } ) db.session.commit() else: print("无待删除数据,跳过")