• pymysql


    import pymysql
    
    # 连接
    
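    # Open a connection to the local MySQL server.
    # NOTE(security): root with an empty password is only tolerable on a
    # throwaway local demo instance. Elsewhere, connect with a dedicated
    # least-privilege account and load the password from the environment or a
    # secrets store instead of hard-coding it.
    conn = pymysql.connect(
        user='root',
        password='',
        host='127.0.0.1',
        port=3306,
        charset='utf8',
        database='day36',
    )
    try:
        # conn.cursor() with no argument returns rows as tuples; DictCursor
        # returns each row as a dict keyed by column name.
        with conn.cursor(cursor=pymysql.cursors.DictCursor) as cursor:
            sql = 'select * from user_info'
            # execute() runs the statement and returns the number of rows it
            # produced or affected.
            res = cursor.execute(sql)
            # print(res)

            # Ways to read the result set:
            # ret = cursor.fetchone()    # the next single row only
            # ret = cursor.fetchall()    # every remaining row
            # ret = cursor.fetchmany(2)  # up to N rows; asking for more rows
            #                            # than exist is not an error
            # print(ret)

            print(cursor.fetchone())
            print(cursor.fetchone())
            # Relative move: offset counted from the current cursor position.
            # cursor.scroll(1, 'relative')
            # Absolute move: offset counted from the start of the result set.
            # scroll() raises IndexError when the target position lies outside
            # the result set, so this needs more than three rows in the table.
            cursor.scroll(3, 'absolute')
            print(cursor.fetchall())
    finally:
        # Release the connection even if a query above fails.
        conn.close()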
    

    sql注入问题

    '''
     	当用户输入被直接拼接进sql字符串时,输入中的引号和注释符号(--)会改变语句的结构,从而绕过原本的校验条件
     	关键性的数据(尤其是用户输入),不要自己手动拼接进sql,而是作为参数交给execute,由它负责转义和拼接
    '''
    # sql注入之:用户存在,绕过密码
    (针对下方被注释掉的手动拼接写法)若用户名输入lzn' -- 任意字符,-- 之后的密码条件会被当作注释,因此不需要正确的密码也会显示该用户的信息
    
    # sql注入之:用户不存在,绕过用户与密码
    (同样针对手动拼接写法)若输入xxx' or 1=1 -- 任意字符  会显示所有信息,因为or后面的1=1条件永远成立;改用参数化的execute后,这类输入只会被当作普通字符串去匹配
    
    
    import pymysql
    
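    # NOTE(security): root with an empty password is for a local demo only;
    # a login check needs nothing more than SELECT on this one table, so a
    # dedicated least-privilege account is the right choice elsewhere.
    conn = pymysql.connect(
        user='root',
        password='',
        db='day36',
        host='127.0.0.1',
        port=3306,
        charset='utf8',
    )
    try:
        with conn.cursor(cursor=pymysql.cursors.DictCursor) as cursor:
            # Read the username and password from the user, then check them
            # against the database.
            username = input('username>>>:').strip()
            password = input('password>>>:').strip()

            # VULNERABLE form, kept only for contrast: the input is spliced
            # into the SQL text, so quotes and comment markers in the input
            # become part of the statement.
            # sql = "select * from user_info where name='%s' and password = '%s'"%(username, password)
            # cursor.execute(sql)

            # Safe form: the placeholders carry no quotes and the values are
            # passed separately, so pymysql escapes and quotes them itself.
            sql = "select * from user_info where name=%s and password=%s"
            cursor.execute(sql, [username, password])

            res = cursor.fetchall()
    finally:
        # Release the connection even if the query fails.
        conn.close()

    # NOTE(security): the query compares the raw input with the password
    # column, which implies plaintext passwords in the table, and `select *`
    # means the printed row includes that column. A real login flow stores a
    # salted password hash, verifies it in application code and never echoes
    # the stored credential.
    if res:
        print(res)
    else:
        print('username or password error!')

    # Summary of the fix
    # Before (manual string formatting, injectable):
    # sql = "select * from user_info where name='%s' and password='%s'"%(username,password)
    # res = cursor.execute(sql)
    # After (execute does the substitution; do not put quotes around %s
    # yourself, pymysql adds them):
    # sql = "select * from user_info where name=%s and password=%s"
    # res = cursor.execute(sql,[username, password])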
    
    
        
    
    
    

    数据的增删改

    import pymysql
    
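    # NOTE(security): root with an empty password is for a local demo only;
    # use a dedicated account limited to the statements the program needs.
    conn = pymysql.connect(
        user='root',
        password='',
        db='day36',
        host='127.0.0.1',
        port=3306,
        charset='utf8',
        autocommit=True,  # commit every statement automatically
    )
    try:
        # The cursor classes live in pymysql.cursors (plural); the original
        # pymysql.cursor.DictCursor raises AttributeError.
        with conn.cursor(cursor=pymysql.cursors.DictCursor) as cursor:
            # Three example statements. Each assignment overwrites the previous
            # one, so only the last (the delete) is actually executed; comment
            # out the others to try a different one.
            # The values here are literals. When they come from user input,
            # write %s placeholders and pass the values as the second argument
            # of execute() instead of formatting them into the string.
            # Insert
            sql = "insert into user_info(name, password) values('lll','111')"
            # Update
            sql = "update user_info set name='zzz' where id = 5"
            # Delete
            sql = "delete from user_info where id = 1"
            res = cursor.execute(sql)  # number of affected rows
            # conn.commit()  # needed to persist the change when autocommit is off
            print(res)
    finally:
        # Release the connection even if the statement fails.
        conn.close()

    # Insert, update and delete modify stored data, so they need an explicit
    # confirmation step (commit) before the change is really written to the
    # database; autocommit=True above performs that step after each statement.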
    
  • 原文地址:https://www.cnblogs.com/littleb/p/12051033.html