table of Contents
First, installation and connection of the database
1.1 pymysql installation
pip install pymysql
1.2 python database connection
- Establish a database connection object conn
- Create a cursor object manipulation through sql conn
- Write sql to perform cursor
- If a query, get the results via cursor object
- Operation is completed, and the operation port is connected
import pymysql
# 注:pymysql不能提供创建数据库的服务,数据库要提前创建
1)建立数据库连接对象 conn
conn = pymysql.connect(user='root', passwd='123', database='oldboy')
2)通过 conn 创建操作sql的 游标对象
# 注:游标不设置参数,查询的结果就是数据元组,数据没有标识性
# 设置pymysql.cursors.DictCursor,查询的结果是字典,key是表的字段
cursor = conn.cursor(pymysql.cursors.DictCursor)
3)编写sql交给 cursor 执行More parameters Version 1.3
1.2.1 更多参数版
import pymysql
conn = pymysql.connect(
host='localhost', user='root', password="root",
database='db', port=3306, charset='utf-8',
)
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)Second, create a table operation
import pymysql
# 创建数据库连接
conn = pymysql.connect(user='root', passwd='123', database='mydb')
# 使用cursor()方法创建一个游标对象
coursor = conn.cursor()
# 使用sql语句创建表
sql1 = 'create table t1(id int, x int, y int)'
# 使用游标对象.excute执行这条语句
cursor.execute(sql1)
# 关闭数据库连接
conn.close()Third, the operation data
3.1 increase data
sql2 = 'insert into t1 values(%s, %s, %s)'
1.增1条记录
cursor.execute(sql2, (1, 10, 100))
cursor.execute(sql2, (2, 20, 200))
# 重点:在创建conn对象时,不设置autocommit,默认开启事务,增删改操作不会直接映射到数据库中,
# 需要执行 conn.commit() 动作
conn.commit()
#####################################cmd 图解
mysql> select * from t1;
+------+------+------+
| id | x | y |
+------+------+------+
| 1 | 10 | 100 |
| 2 | 20 | 200 |
+------+------+------+
2.增多条记录
cursor.executemany(sql2, [(3, 30, 300), (4, 40, 400)])
conn.commit()
#####################################cmd 图解
mysql> select * from t1;
+------+------+------+
| id | x | y |
+------+------+------+
| 1 | 10 | 100 |
| 2 | 20 | 200 |
| 3 | 30 | 300 |
| 4 | 40 | 400 |
+------+------+------+3.2 deletion
1.删除id为4的这条记录
sql3 = 'delete from t1 where id=%s'
cursor.execute(sql3, 4)
conn.commit()
############################### cmd 图解
mysql> select * from t1;
+------+------+------+
| id | x | y |
+------+------+------+
| 1 | 10 | 100 |
| 2 | 20 | 200 |
| 3 | 30 | 300 |
+------+------+------+3.3 update
1.删除id为2的这条记录
sql4 = 'update t1 set y=666 where id=2'
cursor.execute(sql4)
conn.commit()
################################ cmd 图解
mysql> select * from t1;
+------+------+------+
| id | x | y |
+------+------+------+
| 1 | 10 | 100 |
| 2 | 20 | 666 |
| 3 | 30 | 300 |
+------+------+------+3.4 query operation
1.查看t1表里的所有数据
sql5 = 'select * from t1'
row = cursor.execute(sql5) # 返回值是受影响的行
print(row)
2.如果是查询,通过 cursor对象 获取结果
#1.fetchone() 偏移一条取出
sql5 = 'select * from t1'
row = cursor.execute(sql5)
r1 = cursor.fetchone()
print(r1)
#结果:{'id': 1, 'x': 10, 'y': 100}
r2 = cursor.fetchone()
print(r2)
#结果:{'id': 2, 'x': 20, 'y': 666}
#2.fetchmany(n) 偏移n条取出
r3 = cursor.fetchmany(1)
print(r3)
#结果:[{'id': 3, 'x': 30, 'y': 300}]
#3.fetchall() 偏移剩余全部
r4 = cursor.fetchall()
print(r4)
#结果:[] 因为后面没有记录了,所以取出来是空的列表
5)操作完毕,端口操作与连接
cursor.close()
conn.close()Fourth, the cursor operation
import pymysql
from pymysql.cursors import DictCursor
# 1)建立数据库连接对象 conn
conn = pymysql.connect(user='root', passwd='root', db='oldboy')
# 2)通过 conn 创建操作sql的 游标对象
cursor = conn.cursor(DictCursor)
# 3)编写sql交给 cursor 执行
sql = 'select * from t1'
# 4)如果是查询,通过 cursor对象 获取结果
row = cursor.execute(sql)
if row:
r1 = cursor.fetchmany(2)
print(r1)
# 操作游标
# cursor.scroll(0, 'absolute') # absolute绝对偏移,游标重置,从头开始偏移
cursor.scroll(-2, 'relative') # relative相对偏移,游标在当前位置进行左右偏移
r2 = cursor.fetchone()
print(r2)
# 5)操作完毕,端口操作与连接
cursor.close()
conn.close()Five, pymysql affairs
import pymysql
from pymysql.cursors import DictCursor
conn = pymysql.connect(user='root', passwd='root', db='oldboy')
cursor = conn.cursor(DictCursor)
try:
sql = 'create table t2(id int, name char(4), money int)'
row = cursor.execute(sql)
print(row)
except:
print('表已创建')
pass
# 空表才插入
row = cursor.execute('select * from t2')
if not row:
sql = 'insert into t2 values(%s,%s,%s)'
row = cursor.executemany(sql, [(1, 'tom', 10), (2, 'Bob', 10)])
conn.commit()
# 可能会出现异常的sql
"""
try:
sql1 = 'update t2 set money=money-1 where name="tom"'
cursor.execute(sql1)
sql2 = 'update t2 set moneys=money+1 where name="Bob"'
cursor.execute(sql2)
except:
print('转账执行异常')
conn.rollback()
else:
print('转账成功')
conn.commit()
"""
try:
sql1 = 'update t2 set money=money-1 where name="tom"'
r1 = cursor.execute(sql1)
sql2 = 'update t2 set money=money+1 where name="ruakei"' # 转入的人不存在
r2 = cursor.execute(sql2)
except:
print('转账执行异常')
conn.rollback()
else:
print('转账没有异常')
if r1 == 1 and r2 == 1:
print('转账成功')
conn.commit()
else:
conn.rollback()Six, SQL injection problem
import pymysql
from pymysql.cursors import DictCursor
conn = pymysql.connect(user='root', passwd='root', db='oldboy')
cursor = conn.cursor(DictCursor)
try:
sql = 'create table user(id int, name char(4), password char(6))'
row = cursor.execute(sql)
print(row)
except:
print('表已创建')
pass
# 空表才插入
row = cursor.execute('select * from user')
if not row:
sql = 'insert into user values(%s,%s,%s)'
row = cursor.executemany(sql, [(1, 'tom', '123'), (2, 'bob', 'abc')])
conn.commit()
# 用户登录
usr = input('usr: ')
pwd = input('pwd: ')
# 自己拼接参数一定有sql注入,将数据的占位填充交给pymysql
"""
sql = 'select * from user where name="%s" and password="%s"' % (usr, pwd)
row = cursor.execute(sql)
if row:
print('登录成功')
else:
print('登录失败')
"""
sql = 'select * from user where name=%s and password=%s'
row = cursor.execute(sql, (usr, pwd))
if row:
print('登录成功')
else:
print('登录失败')
# 知道用户名时
# 输入用户时:
# tom => select * from user where name="tom" and password="%s"
# tom" # => select * from user where name="tom" #" and password="%s"
# 不自定义用户名时
# " or 1=1 # => select * from user where name="" or 1=1 #" and password="%s"