# 1. Installation: PIP3 insatll pymysql # 2. Code link Import pymysql # links Conn = pymysql.connect ( Host = ' localhost ' , User = ' the root ' , password = ' 123 ' , Database = ' Egon ' , charset = ' UTF8 ' ) # cursor cursor = conn.cursor () # finished to return a result set to the default display tuple #cursor = conn.cursor (cursor = pymysql.cursors.DictCursor) # manner shown in the dictionary data # 3.pymysql database operations # execute sql statement User = INPUT ( " >>>: " ) .strip () pwd = INPUT ( " >>>: " ) .strip () SQL = ' SELECT * from UserInfo WHERE name = "% s" and password = "% s" ' % (User, pwd) # Note% s requires quotes rows = Cursor. the execute (sql) # execute sql statement, sql query returns the number of successful record # obtain real data cursor.fetchone (), cursor.fetchall (), cursor.fetchmany (), the value of similar pipes, get one, all, more than cursor.scroll ( . 1, 'relative') # Relative movement cursor.scroll (3, ' Absolute ' ) # absolute movement cursor.close () conn.Close () `` ` # ### sql injection problems ` `` Python # do not go hand stitching query sql statement INPUT = username ( " >>>: " ) .strip () password = INPUT ( " >>>: " ) .strip () SQL = " SELECT * WHERE from User username = '% S' and password = 'S% ' " % (username, password) # username correct username >>>: Jason '- jjsakfjjdkjjkjs # User name and password are not on the username >>>: xxx ' or 1 = 1 --asdjkdklqwjdjkjasdljad password >>>: ' ' `` ` # ### additions and deletions to ` `` MySQL # by SQL = " INSERT INTO the User (username, password) values (% S,% S) " rows = cursor.excute (SQL, ( ' Jason ' , ' 123 ' )) # modify SQL = " Update User username = SET 'jasonDSB'. 1 WHERE ID = " rows = cursor.excute (SQL) "" " increase and improvement alone execution excute does not really affect the data, you must execute the conn.commit () can only be completed by a real change . "" " # Insert more rows RES = Cursor, excutemany (SQL, [(), (), ()] `` `