pymysql prevent sql injection case

Others 2019-09-13 07:02:59 views: null

from pymysql import connect


main DEF ():
"" "SQL demo" ""
# 1. Enter a statement, the appropriate content based on the id display

id = input ( "Please enter a query id")

2. Execute the sql statement #
# create connection Connection
conn = Connect (Host = 'localhost', Port = 3306, Database = 'jing_dong', the User = 'root', password = 'MySQL', charset = 'utf8')
# get Cursor object
cs1 = conn.cursor ()

# Sql = "" "select * from goods where id =% s;" "" After% id sql statements do not directly use string concatenation
sql = "" "select * from goods where id =% s;" "" after # sql statements do not directly use string concatenation

Print # (SQL)
cs1.execute (SQL, (ID,)) where # parameters directly after passed


data = cs1.fetchall()

cs1.close()
conn.close()

# 3. Print the result of 2
for the TEMP in the Data:
Print (the TEMP)


if __name__ == '__main__':
main()

Guess you like

Origin www.cnblogs.com/wjun0/p/11515444.html
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com