Operating a database with pymysql, and indexes

Operating a database with pymysql

Simple operation

import pymysql  # pip install pymysql

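# Connection parameters. Connecting as root with a short literal password is
# for this local tutorial only: an application should use a least-privileged
# account and load the secret from configuration or the environment.
conn = pymysql.connect(
    host='localhost',
    user='root',
    password='123',
    database='db3',
    charset='utf8',
)
try:
    # conn.cursor() with no argument returns rows as tuples; DictCursor
    # returns each row as a dict keyed by column name.
    cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
    try:
        # Constant statement with no user input, so no parameters are needed.
        sql = "select name from userinfo where id>10"
        cursor.execute(sql)
        # fetchall() returns every row (a list of dicts with DictCursor);
        # fetchone() returns a single row, fetchmany(size) up to `size` rows.
        res = cursor.fetchall()
        print(res)
    finally:
        cursor.close()
finally:
    # Release the connection even when the query raises.
    conn.close()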
'''
[{'name': '丁丁'}, {'name': '星星'}, {'name': '格格'}, {'name': '张野'}, {'name': '程咬金'}, {'name': '程咬银'}, {'name': '程咬铜'}, {'name': '程咬铁'}]
'''

The SQL injection problem

import pymysql

# Both values come straight from the person at the prompt: untrusted input.
user = input('输入用户名:').strip()
password = input('输入密码:').strip()


# Database connection parameters
conn = pymysql.connect(host= 'localhost',
                       user='root',
                       password = '123',
                       database='db3',
                       charset = 'utf8')
# cursor = conn.cursor()  # default Cursor object; rows come back as tuples

cursor = conn.cursor(cursor = pymysql.cursors.DictCursor)  # DictCursor: rows come back as dicts
# print(cursor)
# INTENTIONALLY VULNERABLE - this statement is the exhibit for this section.
# The two inputs are pasted into the statement text with the % operator, so a
# quote or comment character typed at the prompt becomes part of the SQL
# itself instead of staying data. Do not copy this pattern; pass the values
# as the second argument of cursor.execute() instead.
sql = "select * from user where name='%s' and password='%s'"%(user,password)
print(sql)
# exit()
cursor.execute(sql)
res= cursor.fetchall() # fetch all rows; with DictCursor this is a list of dicts
# res = cursor.fetchone()  # fetch a single row
# res = cursor.fetchmany(size)   # fetch up to `size` rows, as a list of dicts
print(res)
# Any returned row counts as a successful login, which is why changing the
# WHERE clause is enough to get past the password check.
if res:
    print('登录成功!')
else:
    print('登录失败!')

cursor.close()
conn.close()
'''
输入用户名:zhang' #
输入密码:123

select * from user where name='zhang' #' and password='123'
[{'name': 'zhang', 'password': '123   '}]
登录成功!
'''
'''
输入用户名:zhang' or 1=1 #
输入密码:123

select * from user where name='zhang' or 1=1 #' and password='123'
[{'name': 'zhang', 'password': '123   '}]
登录成功!
'''
# 输入用户名的时候,输入‘#’将后面的密码验证部分注释掉了,语句变成了select * from user where name='zhang' 或者 select * from user where name='zhang' or 1=1,直接跳过了密码的验证环节,出现了sql语句的注入问题。

Solving the SQL injection problem

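# SQL injection arises mainly because user input is placed into the statement
# without any validity check.
# Option 1: validate or escape every user-supplied value yourself before
#   building the statement. A problem this basic should never ship, but
#   hand-written escaping is easy to get wrong, so prefer option 2.
# Option 2: pass the values to execute() as a tuple or list and let the
#   driver escape and check them: cursor.execute(sql, (user, password))

import pymysql

user = input('输入用户名:').strip()
password = input('输入密码:').strip()


# Connection parameters. root with a literal password is tutorial-only; an
# application should use a least-privileged account and keep the secret out
# of the source.
conn = pymysql.connect(
    host='localhost',
    user='root',
    password='123',
    database='db3',
    charset='utf8',
)
try:
    # DictCursor returns each row as a dict; the default cursor returns tuples.
    cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
    try:
        # Placeholders are bare %s with NO surrounding quotes: the driver
        # quotes and escapes each bound value, so the input stays data and
        # cannot change the structure of the statement.
        sql = "select * from user where name=%s and password=%s"
        print(sql)
        cursor.execute(sql, (user, password))

        res = cursor.fetchall()  # all matching rows, as a list of dicts
        print(res)
        # NOTE: this demo table stores and compares passwords in plain text.
        # A real login would store a salted password hash and verify against
        # that; parameter binding does not address that separate weakness.
        if res:
            print('登录成功!')
        else:
            print('登录失败!')
    finally:
        cursor.close()
finally:
    # Release the connection even when the query raises.
    conn.close()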

'''
输入用户名:zhang
输入密码:123
select * from user where name=%s and password=%s
[{'name': 'zhang', 'password': '123   '}]
登录成功!
'''

'''
输入用户名:zhang' #
输入密码:123
select * from user where name=%s and password=%s
()
登录失败!
'''

sql injection issue summary template

    
        产生的原因:
            因为过于相信用户输入的内容, 根本没有做任何的检验
        
        解决的方法:
            sql = "select * from user where name=%s and password=%s"
            
            # execute帮我们做字符串拼接,我们无需且一定不能再为%s加引号了
            cursor.execute(sql, (user, pwd))
        
        连接:
            ### 连接数据库的参数
            conn = pymysql.connect(host='localhost',user='root',password='123qwe',database='test',charset='utf8')
            # cursor = conn.cursor() ### 默认返回的值是元祖类型
            cursor = conn.cursor(cursor=pymysql.cursors.DictCursor) ### 返回的值是字典类型 (*********)
                
        查:
            fetchall() : 取出所有的数据 返回的是列表套字典
            fetchone() : 取出一条数据 返回的是字典
            fetchmany(size) : 取出size条数据 返回的是列表套字典

CRUD operations on a database with pymysql, and conn.commit()

# 插入
import pymysql
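# Connection parameters (tutorial-only credentials; use a least-privileged
# account and an externally stored secret in real code).
conn = pymysql.connect(
    host='localhost',
    user='root',
    password='123',
    database='db3',
    charset='utf8',
)
try:
    cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
    try:
        # Values are bound through %s placeholders, never formatted into the
        # statement text.
        sql = "insert into user(name,password) values(%s,%s)"

        print(sql)  # insert into user(name,password) values(%s,%s)

        # Single row: cursor.execute(sql,("tank",'qwe'))

        data = [('小王', '111'), ('小张', '222'), ('小李', '333'), ('小张', '444')]
        cursor.executemany(sql, data)  # several rows, one parameter tuple per row

        # The inserts only become permanent once the transaction is committed.
        conn.commit()
    finally:
        cursor.close()
finally:
    # Release the connection even when the insert raises.
    conn.close()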
# 插入单条情况下
'''
mysql> select * from user;  
+-------+----------+
| name  | password |
+-------+----------+
| zhang | 123      |
| tank  | qwe      |
+-------+----------+
2 rows in set (0.00 sec)
'''
# 插入多条情况下
'''
mysql> select * from user;
+--------+----------+
| name   | password |
+--------+----------+
| zhang  | 123      |
| tank   | qwe      |
| tank   | qwe      |
| 小王   | 111      |
| 小张   | 222      |
| 小李   | 333      |
| 小张   | 444      |
+--------+----------+
7 rows in set (0.00 sec)
'''
# 修改
先给user表增加一个id索引字段;
mysql> alter table user add id int primary key auto_increment FIRST;
Query OK, 0 rows affected (0.50 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> select * from user;
+----+--------+----------+
| id | name   | password |
+----+--------+----------+
|  1 | zhang  | 123      |
|  2 | tank   | qwe      |
|  3 | tank   | qwe      |
|  4 | 小王   | 111      |
|  5 | 小张   | 222      |
|  6 | 小李   | 333      |
|  7 | 小张   | 444      |
+----+--------+----------+
7 rows in set (0.00 sec)

# 进行修改操作 将 id=6 的记录的 name 字段的名字修改为 ‘小李子’
import pymysql

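# Connection parameters (tutorial-only credentials; use a least-privileged
# account and an externally stored secret in real code).
conn = pymysql.connect(
    host='localhost',
    user='root',
    password='123',
    database='db3',
    charset='utf8',
)
try:
    cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
    try:
        # Both the new name and the row id are bound as parameters.
        sql = "update user set name = %s where id = %s"
        cursor.execute(sql, ('小李子', 6))  # update the single row with id 6
        # The update only becomes permanent once the transaction is committed.
        conn.commit()
    finally:
        cursor.close()
finally:
    # Release the connection even when the update raises.
    conn.close()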

'''
mysql> select * from user;
+----+-----------+----------+
| id | name      | password |
+----+-----------+----------+
|  1 | zhang     | 123      |
|  2 | tank      | qwe      |
|  3 | tank      | qwe      |
|  4 | 小王      | 111      |
|  5 | 小张      | 222      |
|  6 | 小李子    | 333      |
|  7 | 小张      | 444      |
+----+-----------+----------+
7 rows in set (0.00 sec)
'''
# 删除
import pymysql
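# Connection parameters (tutorial-only credentials; use a least-privileged
# account and an externally stored secret in real code).
conn = pymysql.connect(
    host='localhost',
    user='root',
    password='123',
    database='db3',
    charset='utf8',
)
try:
    cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
    try:
        sql = "delete from user where id>%s"
        # Parameters are passed as a one-element tuple, the same form the
        # other statements on this page use, rather than as a bare scalar.
        cursor.execute(sql, (6,))  # delete every row whose id is greater than 6
        # The delete only becomes permanent once the transaction is committed.
        conn.commit()
    finally:
        cursor.close()
finally:
    # Release the connection even when the delete raises.
    conn.close()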
'''
mysql> select * from user;
+----+-----------+----------+
| id | name      | password |
+----+-----------+----------+
|  1 | zhang     | 123      |
|  2 | tank      | qwe      |
|  3 | tank      | qwe      |
|  4 | 小王      | 111      |
|  5 | 小张      | 222      |
|  6 | 小李子    | 333      |
+----+-----------+----------+
6 rows in set (0.00 sec)
'''

index

1. Why have indexes

In a typical application the ratio of reads to writes is about 10:1, and inserts and ordinary updates rarely cause performance problems. In production, the problems we meet most often, and the ones that cause the most trouble, are complex queries, so optimizing query statements is clearly a top priority. And when it comes to speeding up queries, we have to talk about indexes.

2. What is the index?

In MySQL an index is also called a "key"; it is a data structure that the storage engine uses to find records quickly. Indexes are critical for good performance, and the more data a table holds, the more an index matters for performance.
Index optimization is probably the most effective way to optimize query performance: an index can easily improve query performance by several orders of magnitude.
An index is like the phonetic lookup table of a dictionary: if you want to look up a word without it, you have to go through hundreds of pages one by one.

3. The advantages and disadvantages of the use of the index

With too many indexes, the application's performance may suffer; with too few, query performance suffers. Finding the balance is critical to the application's performance. More indexes are not always better. I once ran into this problem: on one MySQL server, iostat showed disk utilization stuck at 100 percent; analysis showed that the developers had added too many indexes, and after some unnecessary indexes were dropped, disk utilization immediately fell to 20%. Clearly, adding indexes takes real skill.

Benefit: improves query performance. Drawback: once added, indexes take up a lot of disk space.

 4. Index principle

B + Tree

In essence, an index finds the final result by repeatedly narrowing the range of data that has to be examined, and it turns random access into sequential access. In other words, with an index we can always use the same search method to locate the data.

# 插入3000,000条数据做实验   哈哈哈哈 !!!!

import pymysql

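# Connection parameters (tutorial-only credentials; use a least-privileged
# account and an externally stored secret in real code).
conn = pymysql.connect(
    host='localhost',
    user='root',
    password='123',
    database='db3',
    charset='utf8',
)
try:
    cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
    try:
        # Build the test rows: name '小张<i>' with password str(i).
        # All 3,000,000 tuples are held in memory before the insert starts.
        rows = [(f'小张{i}', str(i)) for i in range(3000000)]

        sql = "insert into user(name,password) values(%s,%s)"

        cursor.executemany(sql, rows)  # bulk insert, one parameter tuple per row
        # One commit at the end makes the whole batch permanent.
        conn.commit()
    finally:
        cursor.close()
finally:
    # Release the connection even when the bulk insert raises.
    conn.close()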

'''
| 1033019 | 小张2829      | 2829     |
| 1033020 | 小张2830      | 2830     |
| 1033021 | 小张2831      | 2831     |
| 1033022 | 小张2832      | 2832     |
| 1033023 | 小张2833      | 2833     |
| 1033024 | 小张2834      | 2834     |
| 1033025 | 小张2835      | 2835     |
| 1033026 | 小张2836      | 2836     |
| 1033027 | 小张2837      | 2837     |
| 1033028 | 小张2838      | 2838     |
| 1033029 | 小张2839      | 2839     |
| 1033030 | 小张2840      | 2840     |
| 1033031 | 小张2841      | 2841     |
| 1033032 | 小张2842      | 2842     |
| 1033033 | 小张2843      | 2843     |
| 1033034 | 小张2844      | 2844     |
| 1033035 | 小张2845      | 2845     |
| 1033036 | 小张2Ctrl-C -- sending "KILL QUERY 1" to server ...
846   Ctrl-C -- query aborted.
   | 2846     |
+---------+---------------+----------+
3000006 rows in set (2.46 sec)
'''

5. Types of index

    索引的种类:(**************************)
        
        主键索引: 加速查找 + 不能重复 + 不能为空 primary key
        唯一索引: 加速查找 + 不能重复    unique(name)
            联合唯一索引:unique(name, email)
                例子: 
                    zekai [email protected]
                    zekai [email protected]
                    
        普通索引: 加速查找   index (name)
            联合索引: index (name, email)

Creating an index

Primary key index

主键索引:
                
                新增主键索引:
                    create table xxx(
                        id int auto_increment ,
                        primary key(id)
                    )
                    改:
                    alter table xxx change id id int auto_increment primary key;
                    alter table xxx modify id int auto_increment primary key; # 同上
                    alter table t1 add primary key (id);
                    
                删除主键索引:
                    mysql> alter table t1 drop primary key;
                    

Unique index

唯一索引:
                
                新增:
                    1.
                    create table t2(
                        id int auto_increment primary key,
                        name varchar(32) not null default '',
                        unique u_name (name)
                    )charset utf8
                    
                    2.
                    CREATE  UNIQUE   INDEX  索引名 ON 表名 (字段名) ;
                        create  unique index ix_name on t2(name);
                    
                    3. 
                    alter table t2 add unique index ix_name (name)
                    
                删除: 
                    alter table t2 drop index u_name;

 Ordinary index

普通索引:   
                
                新增:
                    1.
                    create table t3(
                        id int auto_increment primary key,
                        name varchar(32) not null default '',
                        index u_name (name)
                    )charset utf8
                    
                    2.
                    CREATE  INDEX  索引名 ON 表名 (字段名) ;
                        create   index ix_name on t3(name);
                    
                    3. 
                    alter table t3 add  index ix_name (name)
                    
                删除: 
                    alter table t3 drop index u_name;


Origin www.cnblogs.com/zhangchaocoming/p/11774846.html