python操作mysql

pymysql

pymsql是Python中操作MySQL的模块，其使用方法和MySQLdb几乎相同。

使用操作

1.执行SQL

#!/usr/bin/env python
# -*- coding:utf-8 -*-
import pymysql
  
# 创建连接
conn = pymysql.connect(host='127.0.0.1', port=3306, user='sunhao', passwd='123456', db='mydatabase')
# 创建游标
cursor = conn.cursor()
  
# 执行SQL，并返回收影响行数
effect_row = cursor.execute("update hosts set host = '1.1.1.2'")
  
# 执行SQL，并返回受影响行数
#effect_row = cursor.execute("update hosts set host = '1.1.1.2' where nid > %s", (1,))
  
# 执行SQL，并返回受影响行数
# effect_row = cursor.executemany("insert into hosts(host,color_id)values(%s,%s)", [("1.1.1.11",1),("1.1.1.11",2)])

# effect_row = cursor.execute("insert into hosts(host,color_id)values(%s,%s)", ("1.1.1.11",1))

# 提交，不然无法保存新建或者修改的数据 conn.commit() # 关闭游标 cursor.close() # 关闭连接 conn.close()

list=[

("1.1.1.11",1),

("1.1.1.12",2),

("1.1.1.13",3)]
effect_row = cursor.executemany("insert into hosts(host,color_id)values(%s,%s)",list)

2、获取新创建数据自增ID

#!/usr/bin/env python
# -*- coding:utf-8 -*-
import pymysql
  
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='mydatabase')
cursor = conn.cursor()
cursor.executemany("insert into my_class(number,name)values(%s,%s)", [(1,'jim'),(2,'tom')])
conn.commit()
cursor.close()
conn.close()
  
# 获取最新自增ID
new_id = cursor.lastrowid

3、获取查询数据

#!/usr/bin/env python
# -*- coding:utf-8 -*-
import pymysql
  
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='mydatabase')
cursor = conn.cursor()
cursor.execute("select * from my_class")
  
# 获取第一行数据
row_1 = cursor.fetchone()
  
# 获取前n行数据
# row_2 = cursor.fetchmany(3)
# 获取所有数据
# row_3 = cursor.fetchall()
  
conn.commit()
cursor.close()
conn.close()

4、fetch数据类型

　　关于默认获取的数据是元祖类型，如果想要或者字典类型的数据，即：

#!/usr/bin/env python
# -*- coding:utf-8 -*-
import pymysql
  
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='mydatabase')
  
# 游标设置为字典类型
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
r = cursor.execute("call p1()")
  
result = cursor.fetchone()
  
conn.commit()
cursor.close()
conn.close()

注：在fetch数据时按照顺序进行，可以使用cursor.scroll(num,mode)来移动游标位置，如：

• cursor.scroll(1,mode='relative')  # 相对当前位置移动      往下走一个指针 cursor.scroll(-1,mode='relative')  -1是往上走
• cursor.scroll(2,mode='absolute') # 相对绝对位置移动  指针移动到第一个位置

5. SQL注入问题 

import pymysql

conn = pymysql.connect(host='121.201.34.173',port=3306,user='sunhao',passwd='123456',db='mydatabase',charset='utf8')

cur = conn.cursor()

inp = input("请输入姓名:")
# 字符串拼接形式  禁止使用这种操作
sql = "insert into my_class(number,name) values(12,'%s')"

sql = sql % (inp,)

effect_row = cur.execute(sql)


data = cur.fetchone()
print(data)
conn.commit()
cur.close()
conn.close()

sql='select username,password from userinfo where username= "%s" and password = "%s"'   #sql注入问题 sql语句注释用--
sql=sql%("alex or 1=1 -- ",123456)
cursor.execute(sql)