• The pymysql module


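    SQL injection with pymysql

      The user's input carries malicious SQL, and the back end concatenates it into the statement without any checking, so the statement that actually runs differs from the one that was intended (for example, input containing ' --).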
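The concatenation problem described above, next to the parameterized form, as an added example that is not from the original post. It assumes a login check against a `userinfo` table and uses the standard-library `sqlite3` module as a stand-in so it runs without a MySQL server; the function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, shaped like the userinfo table used on this page.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table userinfo (username text, password text)")
    conn.execute("insert into userinfo values (?, ?)", ("zc", "123"))
    return conn


def login_concat(conn, username, password):
    # Vulnerable: the input becomes part of the SQL text. A quote in the
    # input closes the string literal and "--" comments out the rest.
    sql = ("select * from userinfo where username='%s' and password='%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_param(conn, username, password):
    # Hardened: the values are passed apart from the SQL text and are only
    # ever treated as data. sqlite3 binds them with "?"; pymysql escapes and
    # quotes them when called as cursor.execute(sql, args) with "%s".
    sql = "select * from userinfo where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "zc' -- "  # constructed input containing ' and --
    # Concatenated statement becomes:
    #   ... where username='zc' -- ' and password='wrong'
    print("concat, crafted input:", login_concat(db, crafted, "wrong"))
    print("param,  crafted input:", login_param(db, crafted, "wrong"))
    print("param,  real password:", login_param(db, "zc", "123"))
```

With pymysql the same rule applies: keep `%s` placeholders in the SQL string and pass the values as the second argument to `cursor.execute`, never through Python string formatting.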

    1. Query (select)

        import pymysql

        conn = pymysql.connect(
            host="192.168.16.90",
            port=3306,
            user="zc",
            password="123",
            database="user",
            charset="utf8",
        )
        # DictCursor returns each row as a dict keyed by column name
        cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
        sql = "select * from userinfo;"
        cursor.execute(sql)
        ret = cursor.fetchall()      # all remaining rows
        print(ret)
        # fetchall() has consumed the result set, so the next two calls
        # return an empty result and None respectively
        ret1 = cursor.fetchmany(1)   # up to 1 further row
        print(ret1)
        ret2 = cursor.fetchone()     # the next single row, or None
        print(ret2)
        cursor.close()
        conn.close()

    2. Insert

        import pymysql

        conn = pymysql.connect(
            host="192.168.16.90",
            port=3306,
            user="zc",
            password="123",
            database="user",
            charset="utf8",
        )
        cursor = conn.cursor()
        # Values are passed separately from the SQL text, not concatenated
        sql = "insert into userinfo (username,password) values(%s,%s);"
        cursor.execute(sql, ["fei", "234"])
        conn.commit()   # writes are not persisted until commit()
        cursor.close()
        conn.close()

    3. Update

        import pymysql

        conn = pymysql.connect(
            host="192.168.16.90",
            port=3306,
            user="zc",
            password="123",
            database="user",
            charset="utf8",
        )
        cursor = conn.cursor()
        # Arguments are matched to the %s placeholders in order
        sql = "update userinfo set password=%s where username=%s;"
        cursor.execute(sql, ["abc", "fei"])
        conn.commit()
        cursor.close()
        conn.close()

    4. Delete

        import pymysql

        conn = pymysql.connect(
            host="192.168.16.90",
            port=3306,
            user="zc",
            password="123",
            database="user",
            charset="utf8",
        )
        cursor = conn.cursor()
        sql = "delete from userinfo where username=%s;"
        cursor.execute(sql, ["fei"])
        conn.commit()
        cursor.close()
        conn.close()

    Moving the cursor

        import pymysql

        conn = pymysql.connect(
            host="192.168.16.90",
            port=3306,
            user="zc",
            password="123",
            database="user",
            charset="utf8",
        )
        cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
        sql = "select * from userinfo;"
        cursor.execute(sql)
        # relative: move 1 row forward from the current position
        cursor.scroll(1, mode="relative")
        # absolute: move to row index 1 counted from the start of the result set
        # cursor.scroll(1, mode="absolute")
        ret = cursor.fetchmany(1)
        print(ret)
        cursor.close()
        conn.close()

    Rollback

        import pymysql

        conn = pymysql.connect(
            host="192.168.16.90",
            port=3306,
            user="zc",
            password="123",
            database="user",
            charset="utf8",
        )
        cursor = conn.cursor()
        sql = "insert into userinfo (username,password) values(%s,%s)"
        cursor.execute(sql, ["fei", "123"])
        # rollback() discards the uncommitted insert (on a transactional
        # engine such as InnoDB), so the commit() below has nothing to persist
        conn.rollback()
        conn.commit()
        cursor.close()
        conn.close()
  • Original article: https://www.cnblogs.com/ruoxiruoxi/p/9754852.html