PyMySQL basic use, and SQL injection problems

PyMySQL basic use

PyMySQL is a module that lets us operate a MySQL database from Python code. Once it is installed, you can import it and use it directly:

# Basic use of pymysql
import pymysql

conn = pymysql.connect(
    user='root',
    password='123',
    host='127.0.0.1',
    port=3306,
    charset='utf8',
    database='db3'
)
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)  # create a cursor object
# cursor=pymysql.cursors.DictCursor makes each row of the query result come back as a dictionary
sql = "select * from user_info"  # the trailing semicolon is optional; the statement runs either way
res = cursor.execute(sql)   # execute the sql statement
# print(res)  # ---> 3  execute returns the number of rows affected (for a select: matched) by the current sql
# ret = cursor.fetchone()  # fetch only one row of the query result
# ret = cursor.fetchall()  # fetch all rows of the query result
# ret = cursor.fetchmany(2)   # fetch the given number of rows; asking for more than remain does not raise an error
# print(ret)

# print(cursor.fetchone())
# print(cursor.fetchone())
# relative move
cursor.scroll(2, 'relative')     # offset from the cursor's current position
# absolute move
cursor.scroll(1, 'absolute')     # offset from the start of the result set
print(cursor.fetchall())

  • cursor.fetchone() fetches only one row of the query result
  • cursor.fetchall() fetches all rows of the query result
  • cursor.fetchmany(2) fetches the specified number of rows

SQL injection problems

  • What SQL injection refers to

    • Using special characters and comment syntax in the input to change the meaning of the SQL statement, so that the check the statement was meant to perform is bypassed

  • Solution

    • Never splice critical data (user input) into the SQL string yourself; hand the values to execute(), which escapes and quotes them for you

import pymysql

conn = pymysql.connect(
    user='root',
    passwd='123',
    db='db3',
    host='127.0.0.1',
    port=3306,
    charset='utf8'
)
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
# read the username and password the user typed in, then check them against the database
username = input('username>>>:').strip()
password = input('password>>>:').strip()
# sql = "select * from user_info where username='%s' and password='%s'" % (username,password)   # note: do not splice the values in yourself
sql = "select * from user_info where username=%s and password=%s"  # %s placeholders, with no quotes around them
print(sql)
cursor.execute(sql, (username, password))  # execute() escapes and quotes the values itself
res = cursor.fetchall()
if res:
    print(res)
else:
    print('username or password error')
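To make the difference concrete, here is an added example (not from the original post) that runs the post's login check both ways against the same data. It uses the standard-library sqlite3 driver with a constructed user_info table so it runs without a MySQL server; PyMySQL's cursor.execute(sql, params) behaves the same way, except that its placeholder is %s rather than sqlite3's ?. The account names and the inputs fed to the check are constructed for the example.

```python
import sqlite3

# Added example, not code from the original post. sqlite3 stands in for PyMySQL
# so the comparison runs offline; the splicing-vs-placeholder point is identical.


def make_db():
    """Constructed sample data: a user_info table with three accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user_info(id integer primary key, username text, password text)")
    conn.executemany(
        "insert into user_info(username, password) values (?, ?)",
        [("jason", "123"), ("tank", "456"), ("o'brien", "789")],
    )
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """The pattern the post warns against: splicing input into the SQL text with %.
    Whatever the user typed becomes part of the statement's syntax."""
    sql = "select username from user_info where username='%s' and password='%s'" % (username, password)
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """The pattern the post recommends: placeholders in the SQL, values handed to execute().
    The driver sends the values as data, so quotes and comment markers inside them stay literal."""
    sql = "select username from user_info where username=? and password=?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def compare(username, password):
    """Run both versions on the same input and report what each returns.
    A spliced query that is no longer valid SQL is reported as 'syntax error'."""
    conn = make_db()
    try:
        unsafe = login_unsafe(conn, username, password)
    except sqlite3.OperationalError:
        unsafe = "syntax error"
    safe = login_safe(conn, username, password)
    conn.close()
    return {"unsafe": unsafe, "safe": safe}


if __name__ == "__main__":
    # 1. correct credentials: both versions agree
    print(compare("jason", "123"))        # {'unsafe': ['jason'], 'safe': ['jason']}
    # 2. a quote plus the comment marker the post mentions: the spliced WHERE clause
    #    loses its password condition, the parameterised query does not match anything
    print(compare("jason'--", "wrong"))   # {'unsafe': ['jason'], 'safe': []}
    # 3. a legitimate name containing an apostrophe breaks the spliced query outright
    print(compare("o'brien", "789"))      # {'unsafe': 'syntax error', 'safe': ["o'brien"]}
```

The third case is worth noticing in a code review: string splicing is not only a security problem but a correctness one, since any ordinary value containing a quote turns into a syntax error, whereas the parameterised query handles it without any special casing.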

Insert, delete, update and select

Start with an example:

import pymysql

conn = pymysql.connect(
    user = 'root',
    passwd = '123',
    db = 'db3',
    host = '127.0.0.1',
    port = 3306,
    charset = 'utf8'
)
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
# insert
sql = "insert into user_info(username,password) values('jason_dsb',111)"
# update
# sql = "update user_info set username='jason_dsb' where id = 2"
# delete
# sql = "delete from user_info where id=1"
res = cursor.execute(sql)
print(res)  # result ---> 1

You will find that each of these statements returns 1, which proves that the statement affected one row, yet when you look in the database the data is unchanged.

Why?

Because insert, update and delete actually modify the data stored in the database, they are treated as more important operations, and so they must be confirmed by a further step (commit) before they take effect.

  • conn.commit() confirms the current operation and really synchronizes it to the database

import pymysql

conn = pymysql.connect(
    user = 'root',
    passwd = '123',
    db = 'db3',
    host = '127.0.0.1',
    port = 3306,
    charset = 'utf8'
)
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
# insert
sql = "insert into user_info(username,password) values('tank_dsb',111)"
# update
# sql = "update user_info set username='jason_dsb' where id = 2"
# delete
# sql = "delete from user_info where id=1"
res = cursor.execute(sql)
conn.commit()   # confirm the current operation, really synchronizing it to the database
print(res)  # result ---> 1

  • The other way is to pass the parameter autocommit=True when connecting; read literally, the name says what it does: commit (confirm) automatically

import pymysql

conn = pymysql.connect(
    user = 'root',
    passwd = '123',
    db = 'db3',
    host = '127.0.0.1',
    port = 3306,
    charset = 'utf8',
    autocommit = True   # commit automatically
)
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
# insert
# sql = "insert into user_info(username,password) values('tank_dsb',111)"
# update
# sql = "update user_info set username='jason_dsb' where id = 2"
# delete
sql = "delete from user_info where id=9"
res = cursor.execute(sql)
# conn.commit()   # confirm the current operation, really synchronizing it to the database
print(res)  # result ---> 1

  • To sum up
    • The first way: manually call conn.commit() after the statement
    • The second way: pass the parameter autocommit=True when connecting
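The three situations above (no commit, conn.commit(), autocommit) can be observed side by side with this added example, which is not from the original post. It uses the standard-library sqlite3 driver on a temporary database file so that a second, independent connection can play the role of "checking the database" without a MySQL server; the table, the inserted row and the file name are constructed for the example. PyMySQL behaves the same way (autocommit off by default, nothing durable until commit), with the difference that sqlite3 spells autocommit mode as isolation_level=None.

```python
import os
import sqlite3
import tempfile

# Added example, not code from the original post. sqlite3 stands in for PyMySQL;
# the commit semantics demonstrated here are the same ones the post describes.

INSERT = "insert into user_info(username, password) values ('jason_dsb', '111')"


def create_db():
    """Create an empty user_info table in a fresh temporary database file (constructed)."""
    path = os.path.join(tempfile.mkdtemp(), "db3.sqlite")
    conn = sqlite3.connect(path)
    conn.execute("create table user_info(id integer primary key, username text, password text)")
    conn.commit()
    conn.close()
    return path


def rows_seen_by_another_client(path):
    """Open a second, independent connection: this is what 'looking in the database' shows."""
    other = sqlite3.connect(path)
    try:
        return other.execute("select count(*) from user_info").fetchone()[0]
    finally:
        other.close()


def insert_without_commit(path):
    """The post's first example: execute() reports 1 affected row, but nothing is durable."""
    conn = sqlite3.connect(path)
    affected = conn.execute(INSERT).rowcount
    visible = rows_seen_by_another_client(path)   # the other client still sees no row
    conn.close()                                  # closing without commit discards the pending insert
    return affected, visible


def insert_with_commit(path):
    """The post's second example: conn.commit() makes the row visible to other clients."""
    conn = sqlite3.connect(path)
    affected = conn.execute(INSERT).rowcount
    conn.commit()
    conn.close()
    return affected, rows_seen_by_another_client(path)


def insert_with_autocommit(path):
    """The post's third example: open the connection in autocommit mode and never call commit().
    sqlite3 spells this isolation_level=None; PyMySQL spells it autocommit=True."""
    conn = sqlite3.connect(path, isolation_level=None)
    affected = conn.execute(INSERT).rowcount
    conn.close()
    return affected, rows_seen_by_another_client(path)


def run_demo():
    """Run the three variants in order on one database; each tuple is (rows affected, rows another client sees)."""
    path = create_db()
    return {
        "no_commit": insert_without_commit(path),    # (1, 0): reported as affected, never stored
        "commit": insert_with_commit(path),          # (1, 1): stored after conn.commit()
        "autocommit": insert_with_autocommit(path),  # (1, 2): stored with no explicit commit
    }


if __name__ == "__main__":
    print(run_demo())
```

The return value of execute() is only the row count of the statement as the server ran it; it says nothing about durability, which is why the post's first example prints 1 while the table stays the same. Autocommit is convenient for scripts like these, but with it every statement is its own transaction, so a sequence of related writes can no longer be rolled back as a unit if one of them fails.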

Origin www.cnblogs.com/YGZICO/p/12050826.html