First, the full version of SQL query statement
select
distinct post,avg(salary)
from
table
where
id > 1
group by
post`
having
avg(salary)>100
order by
avg(salary)
limit 5,5
group by: After grouping, the grouping is based on the smallest identifiable unit, can no longer obtain information directly to other fields, if you want to obtain additional information fields, only indirectly by acquiring additional methods, the above situation requires you to set strict mode, if the entire SQL statement has no group by default is a whole group.
Second, aggregate functions
- max
- me
- avg
- sum
- count
ps: polymerizable function only after the packet
Three, distinct and limit
distinct (de-emphasis) must meet the data de-duplication is exactly the same case, in order to achieve the effect of weight, if you check out the data contained in the primary key field, it is impossible to re success.
limit 5; write only one parameter, starting from the first show 5
limit 5,5; starting from the fifth, excluding Article V, showing five
ps: MySQL is not case sensitive
Fourth, fuzzy matching, and regular expression match
1, fuzzy match
%: Any number of characters
_: Any single character
2, regular expressions
where name regexp "^j.*(n|y)$"
Denotes beginning j, n end or y, the intermediate is any character
Indicates that matches any character except a newline
* Indicates o to infinity
+ Represents 1 to infinity
? 0 or 1
^ What does it begin with
$ Express what end
Recalling the re module
findall: packet priority, the brackets will be matched to the regular priority return
match: scratch match, a match to return
search: the whole match, a match to return
res = match ( '^ j * (n |. y) $', 'Jason')
print(res.group())
Five, concat and concat_ws
concat and before the packets with concat_ws
concat (name, ':', age, ':', salary) for string concatenation
concat_ws ( ':', name, age, salary) is consistent with the above results
Join method is similar to the string, but differentiated: join method can only be used between the strings.
':'. Join ([ '1', 2, '3']) are the numbers because, being given
六、exists
keyword indicates that there exists, exists in the use of the keyword, the inner query does not return records check, but return a true or false value, True or False.
When returning True, the outer query will query
When returning False, not the outer query query
select * from emp where exists (select id from dep where id>203);
Seven, pymysql module
import pymysql
conn = pymysql.connect(
host='127.0.0.1',
port=3306,
user='root',
passwoord='123',
database='day38',
charset='utf8' # 不能加—
)
cursor=conn.cursor(pymysql.cursors.DictCursor) # 产生一个游标对象,以字典的形式返回查询结果
sql = 'select * from teacher'
res = cursor.execute(sql) # 执行传入的sql语句
print(res) # res是执行语句返回的数据条数
print(cursor.fetchone()) # 只获取一条数据
print(cursor.fetchone()) # 只获取一条数据
print(cursor.fetchone()) # 只获取一条数据
cursor.scroll(2,'absolute') # 控制光标移动 absolute相对于起始位置,往后移动几位
cursor.scroll(1,'relative') # relative相对于当前位置,往后移动几位
print(cursor.fetchall()) # 获取所有的数据,返回的结果是一个列表
cursor.close()
conn.close()
Eight, sql injection problems
import pymysql
conn = pymysql.connect(
host = '127.0.0.1',
port = 3306,
user = 'root',
password = '123',
database = 'day38',
charset = 'utf8', # 编码千万不要加- 如果写成了utf-8会直接报错
autocommit = True # 这个参数配置完成后 增删改操作都不需要在手动加conn.commit了
)
cursor = conn.cursor(pymysql.cursors.DictCursor) # 产生一个游标对象 以字典的形式返回查询出来的数据 键是表的字段 值是表的字段对应的信息
# sql = 'insert into user(name,password) values("jerry","666")'
# sql = 'update user set name = "jasonhs" where id = 1'
sql = 'delete from user where id = 6'
cursor.execute(sql)
"""
增删改操作 都必须加一句
conn.commit()操作
"""
# conn.commit()
# username = input('username>>>:')
# password = input('password>>>:')
# sql = "select * from user where name =%s and password = %s"
# print(sql)
# res = cursor.execute(sql,(username,password)) # 能够帮你自动过滤特殊符号 避免sql注入的问题
# # execute 能够自动识别sql语句中的%s 帮你做替换
# if res:
# print(cursor.fetchall())
# else:
# print('用户名或密码错误')
"""
sql注入 就是利用注释等具有特殊意义的符号 来完成一些骚操作
后续写sql语句 不要手动拼接关键性的数据
而是让excute帮你去做拼接
"""
# 不要手动去拼接查询的sql语句
username = input(">>>:").strip()
password = input(">>>:").strip()
sql = "select * from user where username='%s' and password='%s'"%(username,password)
# 用户名正确
username >>>: jason' -- jjsakfjjdkjjkjs
# 用户名密码都不对的情况
username >>>: xxx' or 1=1 --asdjkdklqwjdjkjasdljad
password >>>: ''
Nine, additions and deletions
# 增
sql = "insert into user(username,password) values(%s,%s)"
rows = cursor.excute(sql,('jason','123'))
# 修改
sql = "update user set username='jasonDSB' where id=1"
rows = cursor.excute(sql)
"""
增和改单单执行excute并不会真正影响到数据,需要再执行conn.commit()才可以完成真正的增改
"""
# 一次插入多行记录
res = cursor,excutemany(sql,[(),(),()]