pymysql
Installation: pip install pymysql
connection
import pymysql
# 连接数据库的参数
conn =pymysql.connect(host='localhost',user='root',password='',database='feng',charset='utf8')
# cursor=conn.cursor()#默认返回的值是元祖类型
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)#返回的值是字典类型check
import pymysql
# 连接数据库的参数
conn =pymysql.connect(host='localhost',user='root',password='',database='feng',charset='utf8')
# cursor=conn.cursor()#默认返回的值是元祖类型
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)#返回的值是字典类型
sql="select * from userinfo"
cursor.execute(sql)
# res=cursor.fetchall()#取出所以的数据,返回的是列表套字典
res=cursor.fetchone()#取出一条数据,返回的是字典类型
# res=cursor.fetchmany(12)#制定获取多少条数据,返回的是列表套字典
print(res)
cursor.close()
conn.close()sql injection problems
Enter Username: zekai 'or 1 = 1 #
Enter password: sdsdfsdf
select * from user where name='zekai ' or 1=1 #' and password ='fsdff;
Causes:
Because too believe that user input, do not do any testing
Solution:
import pymysql
user=input('输入用户名').strip()
pwd=input('输入密码').strip()
conn=pymysql.connect(host='localhost',user='root',password='',database='feng',charset='utf8')
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)
# 解决注入的问题
sql="select * from user where name=%s and password=%s"
cursor.execute(sql,(user,pwd))
res=cursor.fetchall()
print(res)
cursor.close()
conn.close()
if res:
print('登录成功')
else:
print('登录失败')
increase
import pymysql
conn=pymysql.connect(host='localhost',user='root',password='',database='feng',charset='utf8')
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)
sql="insert into user (name,password) values (%s,%s)"
cursor.execute(sql,('nick','123'))#新增一条数据
print(cursor.lastrowid)#获取最后一行的id值
#添加多条记录
# data=[
# ('tank','456'),
# ('jason','789'),
# ('egon','123')
# ]
#
# cursor.executemany(sql,data)
conn.commit()#这一行一定要加 插入成功
cursor.close()
conn.close()change
import pymysql
conn= pymysql.connect(host='localhost',user='root',password='',database='feng',charset='utf8')
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)
sql="update user set name=%s where id=%s"
cursor.execute(sql,('lisia',2))
# data=[
# ('nick',3),
# ('nick',4),
# ('nick',5),
# ]
# cursor.executemany(sql,data)
conn.commit()
cursor.close()
conn.close()
delete
import pymysql
conn= pymysql.connect(host='localhost',user='root',password='',database='feng',charset='utf8')
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)
sql="delete from user where id=%s"
cursor.execute(sql,(1,))
conn.commit()
cursor.close()
conn.close()
Additions and deletions can delete multiple records are of d
index
Why use the index as well as the role of all:
It is to use the index to improve query efficiency
analogy
Dictionary catalog
Index of nature:
A special file
The underlying principle of the index
B + Tree
Type index
Primary key index: accelerate Find + + can not repeat can not be null primary key
The only index: + can not be repeated acceleration find unique (field names)
United unique index: unique (Field 1, Field 2)
Ordinary Index: Accelerated index index (field names)
Joint general index: index (Field 1, Field 2)
Creating an index
Primary key index
New primary key index
create table 表名(
字段名 int auto_increment,
primary key(字段名)
)
alter table 表名 change 字段名 字段名 auto_increment primary key;
alter table 表名 add primary key(字段名)Drop Primary Index
alter table 表名 drop primary key;The only index
Add a unique index
create table 表名(
id int auto_increment primary key,
字段名 varchar(32) not null default '',
unique 索引名 (name)
)
create unique index 索引名 on 表名(字段名);
alter table 表名 add unique index 索引名(字段名)Delete unique index
alter table 表名 drop index 索引名;General index
New general index
create table 表名(
id int auto_increment primary key,
字段名 varchar(32) not null default '',
index 索引名 (字段名)
)
create index 索引名 on 表名(字段名);
alter table 表名 add index 索引名 (字段名);Delete general index
alter table 表名 drop index 索引名;The advantages and disadvantages of index
* .Ibd seen by looking at the file:
1. speed up the query speed index
2. However, the addition of the index, will take up a lot of disk space
The index is not better
It will not hit the index case
a. 不能在SQL语句中,进行四则运算,会降低SQL的查询效率
b. 使用函数
select * from tbi where reverse(email)='zekai';
c. 类型不一致
如果列是字符串类型,传入条件是不许用引号引起来,不然会很慢
select * from tbi where email=999;
d. order by
当根据索引排序时,select查询的字段如果不是索引,则速度依旧很慢
特别:如果对主键排序,则速度很快;
select name from tbi order by nid desc;
e. count(1)或者count(列) 代替 count(*) count(*)会很慢
f. 组合索引最左前缀
什么时候会创建联合索引?
根据公司的业务场景,在最常见的激烈上添加索引
select * from user where name='zekai' and email='[email protected]';
错误的做法:
index ix_name (name)
index ix_email (email)
正确的做法:
index ix_name_email (name,email)
如果组合索引为:index ix_name_email (name,email)
where name='zekai' and email='xxx' ---命中索引
where naem='zekai' ---命中索引
where email='xxx' ---未命中索引
例子:
index(a,b,c,d)
where a=2 and b=3 and c=4 and d=5 ---命中索引
where a=2 and c=4 and d=5 ---未命中索引
g. explain
explain select * from user where name='zekai' and email='[email protected]';
id: 1
select_type: SIMPLE
table: user
partitions: NULL
type: ref 索引指向 all
possible_keys: ix_name_email 可能用到的索引
key: ix_name_email 确实用到的索引
key_len: 214 索引长度
ref: const,const
rows: 1 扫描的长度
filtered: 100.00
Extra: Using index 使用到了索引
索引覆盖:
select id from user where id=2000;通过索引本身查找本身Slow query log
show variables like '%slow%';
+---------------------------+-----------------------------------------------+
| Variable_name | Value |
+---------------------------+-----------------------------------------------+
| log_slow_admin_statements | OFF |
| log_slow_slave_statements | OFF |
| slow_launch_time | 2 |
| slow_query_log | OFF ### 默认关闭慢SQl查询日志, on
| slow_query_log_file | D:\mysql-5.7.28\data\DESKTOP-910UNQE-slow.log | ## 慢SQL记录的位置
+---------------------------+-----------------------------------------------+
5 rows in set, 1 warning (0.08 sec)
mysql> show variables like '%long%';
+----------------------------------------------------------+-----------+
| Variable_name | Value |
+----------------------------------------------------------+-----------+
| long_query_time | 10.000000 |
配置慢SQL的变量:
set global 变量名=值
set global slow_query_log=on;
set global slow_query_log_file="D:/mysql-5.7.28/data/myslow.log";
set global long_query_time=1;