conn=pyMysqL.connect(host=<span >'<span >localhost<span >',user=<span >'<span >root<span >',password=<span >'<span >123<span >',database=<span >'<span >egon<span >',charset='utf8<span >) #指定字符编码,可显示中文
<span >#<span >游标
cursor=<span >conn.cursor()
<span >#<span >执行SQL语句
sql=<span >'<span >select * from userinfo where name="%s" and password="%s"<span >' %(user,pwd) <span >#<span >注意%s需要加引号
<span >print<span >(sql)
res=cursor.execute(sql) <span >#<span >执行SQL语句,返回SQL查询成功的记录数目
<span >print<span >(res)
cursor.close()
conn.close()
<span >if<span > res:
<span >print(<span >'<span >登录成功<span >'<span >)
<span >else<span >:
<span >print(<span >'<span >登录失败<span >')
注意:符号--会注释掉它之后的sql,正确的语法:--后至少有一个任意字符
根本原理:就根据程序的字符串拼接name='%s',我们输入一个xxx' -- haha,用我们输入的xxx加'在程序中拼接成一个判断条件name='xxx' -- haha'
最后那一个空格,在一条SQL语句中如果遇到select * t1 where ID > 3 -- name=;则--<span >#<span >1、sql注入之:用户存在,绕过密码egon<span >'<span > -- 任意字符
<span >#
<span >2、sql注入之:用户不存在,绕过用户与密码xxx<span >'<span > or 1=1 -- 任意字符
<span >#
<span >改写为(execute帮我们做字符串拼接,我们无需且一定不能再为%s加引号了)sql=<span >"<span >select * from userinfo where name=%s and password=%s<span >" <span >#<span >!!!注意%s需要去掉引号,因为pyMysqL会自动为我们加上
<span >单条数据执行SQL语句
cursor.execute(sql,[user,pwd]) <span >#<span >pyMysqL模块自动帮我们解决sql注入的问题,只要我们按照pyMysqL的规矩来。
)四、增、删、改:conn.commit()conn=pyMysqL.connect(host=,database=cursor=<span >#<span >执行SQL语句<span ><span >part1<span ><span > sql='insert into userinfo(name,password) values("root","123456");'<span ><span > res=cursor.execute(sql) #执行SQL语句,返回sql影响成功的行数<span ><span > print(res)
<span >#
<span >part2<span ><span > sql='insert into userinfo(name,password) values(%s,%s);'<span ><span > res=cursor.execute(sql,("root","123456")) #执行SQL语句,返回sql影响成功的行数<span ><span > print(res)<span >#<span >part3
sql=<span >'<span >insert into userinfo(name,%s);<span >'<span >
res=cursor.executemany(sql,[(<span >"<span >root<span >",<span >"<span >123456<span >"),(<span >"<span >lhf<span >",<span >"<span >12356<span >"),(<span >"<span >eee<span >",<span >"<span >156<span >")]) <span >#<span >执行SQL语句,返回sql影响成功的行数
<span >print<span >(res)
conn.commit() <span >#<span >提交后才发现表中插入记录成功
<span >cursor.close()
conn.close()
sql==cursor.execute(sql)
#查单条res1=res2=res3= (3,‘root’,'123456')
res4=cursor.fetchmany(2 ,)
res5=( %conn.commit() <span >#<span >提交后才发现表中插入记录成功
<span >cursor.close()
conn.close()<span >'''<span >
(1,'root','123456')
(2,'123456')
(3,'123456')
((4,'123456'),(5,'123456'))
((6,(7,'lhf','12356'),(8,'eee','156'))
8 rows in set (0.00 sec)
<span >'''六、获取插入的最后一条数据的自增ID=pyMysqL.connect(host=,charset='utf8=sql=<span >'<span >insert into userinfo(name,password) values("xxx","123");<span >'<span >
rows=<span >cursor.execute(sql)
conn.commit()
<span >cursor.close()
conn.close()七、自定义sqlhelper!<span >class<span > sqlHelper(object):
</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span> <span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #800080;"><a href="https://www.jb51.cc/tag/init/" target="_blank" >__init__</a></span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;">(self): self.conn </span>=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> None self.cursor </span>=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> None</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span> open(self,cursor=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;">py<a href="https://www.jb51.cc/tag/MysqL/" target="_blank" >MysqL</a>.cursors.DictCursor): self.conn </span>=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> db_po<a href="https://m.jb51.cc/tag/ol/" target="_blank" >ol</a>.PO<a href="https://m.jb51.cc/tag/ol/" target="_blank" >ol</a>.connection() self.cursor </span>= self.conn.cursor(cursor=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;">cursor)</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> close(self): self.cursor.close() self.conn.close()</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> fetchone(self,<a href="https://www.jb51.cc/tag/sql/" target="_blank" >sql</a>,p<a href="https://www.jb51.cc/tag/ara/" target="_blank" >ara</a>ms): cursor </span>=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> self.cursor cursor.execute(<a href="https://www.jb51.cc/tag/sql/" target="_blank" >sql</a>,p<a href="https://www.jb51.cc/tag/ara/" target="_blank" >ara</a>ms) res<a href="https://m.jb51.cc/tag/ul/" target="_blank" >ul</a>t </span>=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> cursor.fetchone() </span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">return</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> res<a href="https://m.jb51.cc/tag/ul/" target="_blank" >ul</a>t</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> fetchall(self,p<a href="https://www.jb51.cc/tag/ara/" target="_blank" >ara</a>ms) res<a href="https://m.jb51.cc/tag/ul/" target="_blank" >ul</a>t </span>=<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> cursor.fetchall() </span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">return</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> res<a href="https://m.jb51.cc/tag/ul/" target="_blank" >ul</a>t</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> create(self,p<a href="https://www.jb51.cc/tag/ara/" target="_blank" >ara</a>ms) self.conn.commit() </span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">return</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> self.cursor.lastrow<a href="https://m.jb51.cc/tag/ID/" target="_blank" >ID</a></span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> delete(self,p<a href="https://www.jb51.cc/tag/ara/" target="_blank" >ara</a>ms) self.conn.commit()</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> update(self,p<a href="https://www.jb51.cc/tag/ara/" target="_blank" >ara</a>ms) self.conn.commit()</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span> <span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #800080;">__enter__</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;">(self): self.<a href="https://www.jb51.cc/tag/open/" target="_blank" >open()</a> </span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">return</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;"> self</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">def</span> <span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #800080;">__exit__</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;">(self,exc_type,exc_val,exc_tb): self.close()</span></pre><div >
sqlHelper() helper.fetchone(, res<a href="https://m.jb51.cc/tag/ul/" target="_blank" >ul</a>t2 </span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #808080;">=</span> helper.fetchall(<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">'</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">select * from users </span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">'</span>,<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">[]</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;">) <span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #008000;">#查所有记录</span> helper.</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #0000ff;">create</span>(<span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">'</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">insert into user (<a href="https://m.jb51.cc/tag/name/" target="_blank" >name</a>,pwd) value(<a href="https://www.jb51.cc/tag/s/" target="_blank" >%s</a>,<a href="https://www.jb51.cc/tag/s/" target="_blank" >%s</a>)</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">'</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #000000;">,</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">[</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">'hc',123</span><span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #ff0000;">]</span>) <span https://m.jb51.cc/tag/color/" target="_blank" >color</a>: #008000;"> # <a href="https://m.jb51.cc/tag/chuangjian/" target="_blank" >创建</a>记录</span></pre>
使用时
总结 以上是内存溢出为你收集整理的pymysql模块全部内容,希望文章能够帮你解决pymysql模块所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)