pymysql使用()

import pymysql

import pymysql

# 连接

conn = pymysql.connect(
    user='root',
    password='',
    host='127.0.0.1',
    port=3306,
    charset='utf8',
    database='day36'
)
# 游标
# cursor = conn.cursor()
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor) # 产生一个右游标对象
# cursor=pymysql.cursors.DictCursor 将查询出的结果制作成字典形式返回
sql = 'select * from user_info'
res = cursor.execute(sql)  # 执行sql语句,返回sql查询成功的记录数目
# print(res)
# 查
# ret = cursor.fetchone()  # 只获取查询结果中的一条数据
# ret = cursor.fetchall() # 获取查询结果的所有数据
# ret = cursor.fetchmany(2) # 指定获取几条数据,如果数字超过总数也不会报错
# print(ret)



print(cursor.fetchone())
print(cursor.fetchone())
# 相对移动
# cursor.scroll(1, 'relative') # 基于指针所在的位置 往后偏移
# 绝对移动
cursor.scroll(3, 'absolute') # 基于起始位置 往后偏移
print(cursor.fetchall())

sql注入问题

'''
     利用特殊符号和注释语法,巧妙绕过真正的sql校验
     关键性的数据,不要自己手动去拼接,而是交由execute做拼接
'''
# sql注入之:用户存在,绕过密码
若输入lzn' -- 任意字符  会显示用户信息

# sql注入之:用户不存在,绕过用户与密码
若输入xxx' or 1=1 -- 任意字符  会显示所有信息  or后面的1=1条件永远成立


import pymysql

conn = pymysql.connect(
    user='root',
    password='',
    db='day36',
    host='127.0.0.1',
    port=3306,
    charset='utf8'
)

cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
# 获取用户输入的用户名和密码,然后去数据库中校验
username = input('username>>>:').strip()
password = input('password>>>:').strip()
# sql = "select * from user_info where name='%s' and password = '%s'"%(username, password)
# cursor.execute(sql)
sql = "select * from user_info where name=%s and password=%s"
cursor.execute(sql, [username, password])

res = cursor.fetchall()
if res:
    print(res)

else:
    print('username or password error!')

  
#解决方法
# sql = "select * from user_info where name='%s' and password='%s'"%(username,password)
# res = cursor.execute(sql)
#改写为(execute帮我们做字符凭借,我们无需切一定不能再为%s加引号,pymysql会自动加上)
# sql = "select * from user_info where name=%s and password=%s" 
# res = cursor.excute(sql,[username, password])

数据的增删改

import pymysql

conn = pymysql.connect(
    user='root',
    password='',
    db='day36',
    host='127.0.0.1',
    port=3306,
    charset='utf8',
    autocommit = True  # 自动提交确认
)

cursor = conn.cursor(cursor=pymysql.cursor.DictCursor)

# 增
sql = "insert into user_info(name, password) values('lll','111')"
# 改
sql = "update user_info set name='zzz' where id = 5"
# 删除
sql = "delete from user_info where id = 1"
res = cursor.execute(sql)
# conn.commit() # 确认当前操作,真正同步到数据库 已设置autocommit
print(res)


'''
针对增、删、改操作,执行重要程度偏高,必须要有一步确认操作(commit)
'''

课堂笔记

import pymysql
#连接数据库
conn=pymysql.connect(user='root', password="123",host="127.0.0.1",
        database="test",
        port=3306,
        charset="utf8")
#获取游标
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor) #查出来字典形式
#操作 定义一个sql
# sql='select id,name from book'
# cursor.execute(sql)
# ret=cursor.fetchall()
# print(ret)
# [{'id': 1, 'name': 'zs'}, {'id': 2, 'name': 'ls'}]

#插入
# sql='insert into book(id,name) values (%s,%s)'
# cursor.execute(sql,[3,'wu'])
# conn.commit()
# conn.close()

#删除
# sql='delete from book where name=%s'
# cursor.execute(sql,['wu'])
# conn.commit()
# conn.close()

#更新
sql="update book set name=%s where id=%s"
cursor.execute(sql,["wu",1])
conn.commit()
————————

import pymysql

import pymysql

# 连接

conn = pymysql.connect(
    user='root',
    password='',
    host='127.0.0.1',
    port=3306,
    charset='utf8',
    database='day36'
)
# 游标
# cursor = conn.cursor()
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor) # 产生一个右游标对象
# cursor=pymysql.cursors.DictCursor 将查询出的结果制作成字典形式返回
sql = 'select * from user_info'
res = cursor.execute(sql)  # 执行sql语句,返回sql查询成功的记录数目
# print(res)
# 查
# ret = cursor.fetchone()  # 只获取查询结果中的一条数据
# ret = cursor.fetchall() # 获取查询结果的所有数据
# ret = cursor.fetchmany(2) # 指定获取几条数据,如果数字超过总数也不会报错
# print(ret)



print(cursor.fetchone())
print(cursor.fetchone())
# 相对移动
# cursor.scroll(1, 'relative') # 基于指针所在的位置 往后偏移
# 绝对移动
cursor.scroll(3, 'absolute') # 基于起始位置 往后偏移
print(cursor.fetchall())

sql注入问题

'''
     利用特殊符号和注释语法,巧妙绕过真正的sql校验
     关键性的数据,不要自己手动去拼接,而是交由execute做拼接
'''
# sql注入之:用户存在,绕过密码
若输入lzn' -- 任意字符  会显示用户信息

# sql注入之:用户不存在,绕过用户与密码
若输入xxx' or 1=1 -- 任意字符  会显示所有信息  or后面的1=1条件永远成立


import pymysql

conn = pymysql.connect(
    user='root',
    password='',
    db='day36',
    host='127.0.0.1',
    port=3306,
    charset='utf8'
)

cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
# 获取用户输入的用户名和密码,然后去数据库中校验
username = input('username>>>:').strip()
password = input('password>>>:').strip()
# sql = "select * from user_info where name='%s' and password = '%s'"%(username, password)
# cursor.execute(sql)
sql = "select * from user_info where name=%s and password=%s"
cursor.execute(sql, [username, password])

res = cursor.fetchall()
if res:
    print(res)

else:
    print('username or password error!')

  
#解决方法
# sql = "select * from user_info where name='%s' and password='%s'"%(username,password)
# res = cursor.execute(sql)
#改写为(execute帮我们做字符凭借,我们无需切一定不能再为%s加引号,pymysql会自动加上)
# sql = "select * from user_info where name=%s and password=%s" 
# res = cursor.excute(sql,[username, password])

数据的增删改

import pymysql

conn = pymysql.connect(
    user='root',
    password='',
    db='day36',
    host='127.0.0.1',
    port=3306,
    charset='utf8',
    autocommit = True  # 自动提交确认
)

cursor = conn.cursor(cursor=pymysql.cursor.DictCursor)

# 增
sql = "insert into user_info(name, password) values('lll','111')"
# 改
sql = "update user_info set name='zzz' where id = 5"
# 删除
sql = "delete from user_info where id = 1"
res = cursor.execute(sql)
# conn.commit() # 确认当前操作,真正同步到数据库 已设置autocommit
print(res)


'''
针对增、删、改操作,执行重要程度偏高,必须要有一步确认操作(commit)
'''

课堂笔记

import pymysql
#连接数据库
conn=pymysql.connect(user='root', password="123",host="127.0.0.1",
        database="test",
        port=3306,
        charset="utf8")
#获取游标
cursor=conn.cursor(cursor=pymysql.cursors.DictCursor) #查出来字典形式
#操作 定义一个sql
# sql='select id,name from book'
# cursor.execute(sql)
# ret=cursor.fetchall()
# print(ret)
# [{'id': 1, 'name': 'zs'}, {'id': 2, 'name': 'ls'}]

#插入
# sql='insert into book(id,name) values (%s,%s)'
# cursor.execute(sql,[3,'wu'])
# conn.commit()
# conn.close()

#删除
# sql='delete from book where name=%s'
# cursor.execute(sql,['wu'])
# conn.commit()
# conn.close()

#更新
sql="update book set name=%s where id=%s"
cursor.execute(sql,["wu",1])
conn.commit()