pymysql installation: pip3 install pymysql
The first example: user authentication database connected |
Conditions: The database already exists in a user table that contains the user name and password
Import pymysql User = INPUT ( " username: " ) pwd = INPUT ( " password: " ) # connect to the database, simply opens the database DB = pymysql.connect (Host = ' localhost ' ,
User = ' the root ' ,
password = ' 123456 ' ,
database = ' UserInfo ', # database name used
charset = 'UTF-. 8' ) # host host database location Cursor db.cursor = () #Cursor by the cursor query operation of the database, after from a table used by SQL = " SELECT * from the user_pwd WHERE username = '% S' and password = '% S' " % (User, pwd) # here is the use of replacing a string cursor.execute (sql) # query statements in the database by Data = cursor.fetchone () # query results of the use or fetchall () the result out cursor.close () # close the cursor using db.Close ( ) # close the database IF the Data: Print ( " successful landing " ) the else : Print ( " login failed " )
In database operations, the string replacement operation may encounter data injection, what is data injection?
Example: When the input user name: uu '1 = 1 -
If this condition met
sql = "select * from user_pwd where username = '%s' and password = '%s'"%(user,pwd)
After the replacement string
sql = "select * from user_pwd where username = 'uu' or 1=1 --' and password = '%s'"
# (Here - represented in the database are annotated meaning), the user name username = uu, 1 = 1 absolutely valid, thus bypassing the authentication is successful user authentication directly! ! This is the data injection! !
In the pymysql .execute () function has been related to the data replacement process, character replacement may be performed directly by this function, it should be written as examples:
Import pymysql User = INPUT ( " username: " ) pwd = INPUT ( " password: " ) # connect to the database, simply opens the database DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , database = ' UserInfo ' ) # host database hosts position cursor = db.cursor () # cursor SQL = " SELECT * wHERE from the user_pwd username and password =% S =% S " the cursor.execute (sql, (User, pwd)) # where% is not or .format () string replacement, use may be made correctly escape, thereby avoiding the occurrence of sql injection # the cursor.execute (sql, [ user, pwd]) # another way # third written # SQL = "SELECT * WHERE username from the user_pwd% = (U) and S =% password (P) S" # the cursor.execute (SQL, { 'U ': the User,' the p-': pwd}) the Data = cursor.fetchone () # query results cursor.close () db.Close () IF the Data: Print ( " successful landing " ) the else : Print ( " login failed " )
pymysql additions and deletions |
Note: CRUD sql statements are required to submit: conn.commit ()
First, the increase
1. Basic Edition
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position Cursor = db.cursor () # cursor SQL = " the user_pwd INTO INSERT (username, password) values ( 'Vera', '1234') "wherein the database id # is incremented sequence, otherwise an error the cursor.execute (SQL)
Print (cursor.lastrowid) # is obtained here in the database id id value increment of the db.commit () # as long as you want to modify data in the table, must commit to submit sql statement cursor.close () db.Close ()
2. an advanced version: manually enter a user name and password
import pymysql user = input('username:') pwd = input('password:') db = pymysql.connect(host='localhost', user='root',password='123456', database='userinfo') # host 数据库所在主机位置 cursor = db.cursor() # 游标 sql = "insert into user_pwd(username,password) values(%s,%s)" cursor.execute(sql,(user,pwd)) #Manually enter a user name, password # has a return value: the number of rows affected (1 line) the db.commit () # as long as you want to modify data in the table, must commit to submit sql statement cursor.close () db.Close ( )
3. Advanced two: two input user name and password into the database at the same time (using: cursor.executemany () function)
import pymysql db = pymysql.connect(host='localhost', user='root',password='123456', database='userinfo') # host 数据库所在主机位置 cursor = db.cursor() # 游标 # sql = "insert into user_pwd(username,password) values(%s,%s)" # cursor.execute(sql,(user,pwd)) sql = "insert into user_pwd(username,password) values(%s,%s)" cursor.executemany(sql,[('guan_guan',' 22 is ' ), ( ' you_you ' , ' 33 is ' )]) # return a value: number of rows affected print (cursor.lastrowid) # id is inserted here to get the data value id id of the last
the db.commit () # as long as you want to modify data in the table, must commit to submit sql statement cursor.close () db.Close ()
Delete, and modify the above (except different sql statement)
pymysql of investigation |
Number of different data found mainly have different functions
1.fetch series
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position Cursor = db.cursor () # cursor SQL = " * from the user_pwd SELECT " the cursor.execute (SQL) # take only the first query to # Data = cursor.fetchone () # results
# Indicates that this is the cursor pointer of the query (along a mating) Discover # data = cursor.fetchone () # 2 is started from the result
# Conjunctive query to the specified number of query result # Data cursor.fetchmany = (. 3) # take full results of the query to Data = cursor.fetchall () Print (Data) cursor.close () db.Close ()
2. Specify the location to start printing results
cursor.scroll (2, mode = 'relative ') # relative to the current position of the mobile # cursor.scroll (3, mode = ' absolute') # absolute relative position
Moving a first action value, integer downward movement, downward movement is negative, mode is specified relative to the current position, or move relative to the first row
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position Cursor = db.cursor () # cursor SQL = " * from the user_pwd SELECT " the cursor.execute (SQL) # specified location query begins cursor.scroll (2, MODE = ' relative ' ) # relative to the current position of the mobile # cursor.scroll (. 3, MODE = 'absolute') relative absolute position # mobile #Just take the first query to the Data cursor.fetchone = () # Results Print (Data) cursor.close () db.Close ()
3. Use pymysql.cursors.DictCursor parameter returns dictionary for easy viewing
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position cursor = db.cursor (cursor = pymysql.cursors. DictCursor) # cursors, default = None the cursor SQL = " the SELECT * from the user_pwd " cursor.execute (SQL) # take full results of the query to the Data = cursor.fetchall () Print (the Data) # to print the list of dictionary easy View cursor.close () db.Close ()
: Examples database used https://files.cnblogs.com/files/Vera-y/myemployees.zip