pymysql installation: pip3 install pymysql
| The first example: user authentication database connected |
Conditions: The database already exists in a user table that contains the user name and password
Import pymysql User = INPUT ( " username: " ) pwd = INPUT ( " password: " ) # connect to the database, simply opens the database DB = pymysql.connect (Host = ' localhost ' ,
User = ' the root ' ,
password = ' 123456 ' ,
database = ' UserInfo ', # database name used
charset = 'UTF-. 8' ) # host host database location Cursor db.cursor = () #Cursor by the cursor query operation of the database, after from a table used by SQL = " SELECT * from the user_pwd WHERE username = '% S' and password = '% S' " % (User, pwd) # here is the use of replacing a string cursor.execute (sql) # query statements in the database by Data = cursor.fetchone () # query results of the use or fetchall () the result out cursor.close () # close the cursor using db.Close ( ) # close the database IF the Data: Print ( " successful landing " ) the else : Print ( " login failed " )
In database operations, the string replacement operation may encounter data injection, what is data injection?
Example: When the input user name: uu '1 = 1 -
If this condition met
sql = "select * from user_pwd where username = '%s' and password = '%s'"%(user,pwd)
After the replacement string
sql = "select * from user_pwd where username = 'uu' or 1=1 --' and password = '%s'"
# (Here - represented in the database are annotated meaning), the user name username = uu, 1 = 1 absolutely valid, thus bypassing the authentication is successful user authentication directly! ! This is the data injection! !
In the pymysql .execute () function has been related to the data replacement process, character replacement may be performed directly by this function, it should be written as examples:
Import pymysql User = INPUT ( " username: " ) pwd = INPUT ( " password: " ) # connect to the database, simply opens the database DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , database = ' UserInfo ' ) # host database hosts position cursor = db.cursor () # cursor SQL = " SELECT * wHERE from the user_pwd username and password =% S =% S " the cursor.execute (sql, (User, pwd)) # where% is not or .format () string replacement, use may be made correctly escape, thereby avoiding the occurrence of sql injection # the cursor.execute (sql, [ user, pwd]) # another way # third written # SQL = "SELECT * WHERE username from the user_pwd% = (U) and S =% password (P) S" # the cursor.execute (SQL, { 'U ': the User,' the p-': pwd}) the Data = cursor.fetchone () # query results cursor.close () db.Close () IF the Data: Print ( " successful landing " ) the else : Print ( " login failed " )
| pymysql additions and deletions |
Note: CRUD sql statements are required to submit: conn.commit ()
First, the increase
1. Basic Edition
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position Cursor = db.cursor () # cursor SQL = " the user_pwd INTO INSERT (username, password) values ( 'Vera', '1234') "wherein the database id # is incremented sequence, otherwise an error the cursor.execute (SQL)
Print (cursor.lastrowid) # is obtained here in the database id id value increment of the db.commit () # as long as you want to modify data in the table, must commit to submit sql statement cursor.close () db.Close ()
2. an advanced version: manually enter a user name and password
import pymysql user = input('username:') pwd = input('password:') db = pymysql.connect(host='localhost', user='root',password='123456', database='userinfo') # host 数据库所在主机位置 cursor = db.cursor() # 游标 sql = "insert into user_pwd(username,password) values(%s,%s)" cursor.execute(sql,(user,pwd)) #Manually enter a user name, password # has a return value: the number of rows affected (1 line) the db.commit () # as long as you want to modify data in the table, must commit to submit sql statement cursor.close () db.Close ( )
3. Advanced two: two input user name and password into the database at the same time (using: cursor.executemany () function)
import pymysql db = pymysql.connect(host='localhost', user='root',password='123456', database='userinfo') # host 数据库所在主机位置 cursor = db.cursor() # 游标 # sql = "insert into user_pwd(username,password) values(%s,%s)" # cursor.execute(sql,(user,pwd)) sql = "insert into user_pwd(username,password) values(%s,%s)" cursor.executemany(sql,[('guan_guan',' 22 is ' ), ( ' you_you ' , ' 33 is ' )]) # return a value: number of rows affected print (cursor.lastrowid) # id is inserted here to get the data value id id of the last
the db.commit () # as long as you want to modify data in the table, must commit to submit sql statement cursor.close () db.Close ()
Delete, and modify the above (except different sql statement)
| pymysql of investigation |
Number of different data found mainly have different functions
1.fetch series
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position Cursor = db.cursor () # cursor SQL = " * from the user_pwd SELECT " the cursor.execute (SQL) # take only the first query to # Data = cursor.fetchone () # results
# Indicates that this is the cursor pointer of the query (along a mating) Discover # data = cursor.fetchone () # 2 is started from the result
# Conjunctive query to the specified number of query result # Data cursor.fetchmany = (. 3) # take full results of the query to Data = cursor.fetchall () Print (Data) cursor.close () db.Close ()
2. Specify the location to start printing results
cursor.scroll (2, mode = 'relative ') # relative to the current position of the mobile # cursor.scroll (3, mode = ' absolute') # absolute relative position
Moving a first action value, integer downward movement, downward movement is negative, mode is specified relative to the current position, or move relative to the first row
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position Cursor = db.cursor () # cursor SQL = " * from the user_pwd SELECT " the cursor.execute (SQL) # specified location query begins cursor.scroll (2, MODE = ' relative ' ) # relative to the current position of the mobile # cursor.scroll (. 3, MODE = 'absolute') relative absolute position # mobile #Just take the first query to the Data cursor.fetchone = () # Results Print (Data) cursor.close () db.Close ()
3. Use pymysql.cursors.DictCursor parameter returns dictionary for easy viewing
Import pymysql DB = pymysql.connect (Host = ' localhost ' , = User ' the root ' , password = ' 123456 ' , Database = ' UserInfo ' ) # Host database hosts position cursor = db.cursor (cursor = pymysql.cursors. DictCursor) # cursors, default = None the cursor SQL = " the SELECT * from the user_pwd " cursor.execute (SQL) # take full results of the query to the Data = cursor.fetchall () Print (the Data) # to print the list of dictionary easy View cursor.close () db.Close ()
: Examples database used https://files.cnblogs.com/files/Vera-y/myemployees.zip