Database operations (c)

Database operations (c)

1.Navicat Tools

In the official website to download navicat Tools, and then double-click the shortcut to fool good after installation opens into the main interface:

　　　　

As the mysql client, we need to connect mysql server

　　　　In the pop-up interface input mysql server ip address and port, as well as the user name and password mysql

　　　　

　　　　

　　　　

　　　　

　　　　

　　　　

　　　　

　　　　

　　　　

About collation we look at these two blog will understand:

　　　　　　https://www.cnblogs.com/adforce/p/3282404.html

　　　　　　https://www.jb51.net/article/48775.htm

Click OK on the above steps built up a database:

　　　　

Then we went to the top of a new table inside the database

　　　　

　　　　

　　　　

　　　　

That is, we go to execute to generate the corresponding sql statement by the click of a mouse

Then click Save:

　　　　

This table is generated:

　　　　

Do not believe we went to take a look at the command line: This table has been in existence

　　　　

After we directly use this tool to manipulate the database on it, because command-line operation is quite cumbersome

Then we look at the establishment of a foreign key

　　　　

　　　　

Then automatically generates a corresponding sql statement

　　　　

　　　　

　　　　

　　　　

Then click Save, from a table, there is a table

　　　　

Then double-click the name of the table above can be inserted into the data

　　　　

Let's say we id field above the table is not set dep increment, I would like to change it, to make it the id field becomes how to do auto-incremented

Design table:

　　　　

　　　　

　　　　

Then how are we to do it, just delete the table and then re-create it? Another association table you certainly will not let you do that, you need to first so that foreign key relationships associated table to cancel, or first delete the foreign key table

　　　　

Then the foreign key to delete the associated table, and then save

We want to give the id field that dep table id field plus the increment inside the id field to increment, save, and then again in the emp table foreign key to the dep

Dep data table to insert several

　　　　

　　　　

　　　　This tool can also be the relationship between your table in the form of graphics to show you:

　　　　

　　　　

　Click on the ER diagram, graph between the two is displayed, then the future of your table a lot of time, you will be able to see the relationship between their table and the table through this chart to see results:

　　　　

If we click on the line between two tables, we can see the relationship between the two:

　　　　

　You can also select the above model to directly create charts, create relationships between tables

　　　　

　　　　

　But what this model we have established, can not be created directly inside the database, you need to import it in the form of sql, then export the sql statement to the database to perform inside

　　　　

　And then export to save a place

　　　　

Open the exported file we look at what's inside

　　　

　This is the model created translated into sql statement, sql replication at these statements, but inside mysql to execute it, just wait until we model the inside of the two tables, and very convenient

Navicat tool can write native sql statements to operate the database

　　　　

To see an input interface of sql statement:

　　　　

Then try to write a sql statement:

　　　　

　　　　

Then run it:

　　　　　

　We can also guide before the database out of the data, in the form of sql file into the database by navicat:

　First, we create a new library:

　　　　　　

　　Then select the database, right click and select Run sql file;

　　　　　　

　　　　　　

　　　　　　

　　Note that the above step, directly off it, do not click again to start the

　　　　　　

　By then ER diagram, take a look at the relationship between each table to see very clearly.

2.pymysql module

pymysql mysql is operating in python, which is running a client socket in python end.

#安装
pip install pymysql

import pymysql

conn = pymysql.connect(
        host = '127.0.0.1',   #主机ip
        port = 3306,          #端口号
        user = 'root',          #用户名
        password = '123',     #密码
        database = 'learn',   #需要连接的库
        charset = 'utf8')    
cursor = conn.cursor()   #游标相当于命令行的 mysql>
#cursor = conn.cursor(pymysql.cursors.DictCursor)  
#默认游标取出的数据结构为元组类型即((),()...),DictCusor获取字典数据类型,对应的数据结构是[{},{}..]
sql = 'select * from dep;'
ret = cuosor.execute(sql)    #ret为受影响的行数
print(ret)
print(cursor.fetchone())  #取出单条数据记录
print(cursor.fetchmany(3))  #取出多条,即取出3条数据记录
print(cursor.fetchall())   #取出全部数据记录

cursor.scroll(2,'absolute') 
#absolute 绝对移动,相对于数据最开始的位置进行光标的移动
cursor.scroll(2,'relative')
#relative 相对移动,按照光标当前位置来进行光标的移动

conn.commit()  #增删改都必须进行提交操作(commit)

cursor.close() #关闭游标
conn.close()   #关闭连接




ps:
print(cursor.lastrowid)  #获取插入的最后一条数据的自增ID

sql注入:
    
    
#我们来使用数据来进行一下用户名和密码的认证操作
import pymysql

conn = pymysql.connect(
    host='127.0.0.1',
    port=3306,
    user='root',
    password='666',
    database='crm',
    charset='utf8'
)

cursor = conn.cursor(pymysql.cursors.DictCursor)
uname = input('请输入用户名：')
pword = input('请输入密码：')

sql = "select * from userinfo where username='%s' and password='%s';"%(uname,pword)

res = cursor.execute(sql) #行数受到影响则不为0,即True

print(res) 
if res:
    print('登陆成功')
else:
    print('用户名和密码错误！')

#通过上面的验证方式，比我们使用文件来保存用户名和密码信息的来进行验证操作要方便很多。


但是
1.知道用户名不知道密码的情况下输入(asfdf为随意输入的字符)
uname:asfdf' -- 
pword:随意输入   
发现也可以登陆成功,是利用了mysql中 -- 注释的方法修改了mysql指令
2.不知道用户名也不知道密码的情况下输入
uname:asfdf' or 1 =1 -- 
pword:随意输入
发现也可以登陆成功,是利用了注释加or运算修改了mysql指令

这就是mysql注入的问题,解决办法:
    cursor.execute(sql,[参数1,参数2...])
    
即:
    
import pymysql

conn = pymysql.connect(
    host='127.0.0.1',
    port=3306,
    user='root',
    password='666',
    database='crm',
    charset='utf8'
)

cursor = conn.cursor(pymysql.cursors.DictCursor)
uname = input('请输入用户名：')
pword = input('请输入密码：')

sql = "select * from userinfo where username='%s' and password='%s';"

res = cursor.execute(sql,[uname,pword]) #行数受到影响则不为0,即True

print(res) 
if res:
    print('登陆成功')
else:
    print('用户名和密码错误！')