pymysql

参数(会导致SQL注入)

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)

name = input("请输入用户名")
password = input("请输入密码")
# id = input("请输入id")

# 准备sql

# 参数传递 方式一
#sql = "select * from t_user where name = '"+name+"' and  password = '"+password+"'"
#sql = "select * from t_user where id = "+id
#sql = "select * from t_user where id = "+id+" and name = '"+name+"'"

# 参数传递 方式二
sql = "select * from t_user where name = '%s' and password = '%s'"%(name,password)
print(sql)

# 执行sql语句,返回结果总条数
resultCount = cur.execute(sql)

#查询数据内容
result = cur.fetchall()

print(resultCount)
print(result)

if resultCount:
    print("登录成功")
else:
    print("用户名或密码错误")

# 关闭游标
cur.close()
# 关闭连接
conn.close()

防止SQL注入:

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)

name = input("请输入用户名")
password = input("请输入密码")
# id = input("请输入id")

# 准备sql

# 参数传递 方式二
# sql = "select * from t_user where name = %s and password = %s"
# 执行sql语句,返回结果总条数
# resultCount = cur.execute(sql,(name,password))


# sql = "select * from t_user where name = %s and password = %s"
# 执行sql语句,返回结果总条数
# resultCount = cur.execute(sql,[name,password])


sql = "select * from t_user where name = %(name)s and password = %(pass)s"
# 执行sql语句,返回结果总条数
resultCount = cur.execute(sql,{"name":name,"pass":password})

print(sql)
#查询所有数据内容
result = cur.fetchall()


print(result)

if resultCount:
    print("登录成功")
else:
    print("用户名或密码错误")

# 关闭游标
cur.close()
# 关闭连接
conn.close()

DQL:

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)


# 准备sql
sql = "select * from t_user"
# 执行sql语句,返回结果总条数
resultCount = cur.execute(sql)

#查询所有数据内容
# result = cur.fetchall()


# 按照顺序查询某一条内容
# result = cur.fetchone()
# result2 = cur.fetchone()
# result3 = cur.fetchone()
# result4 = cur.fetchone()
# print(result)
# print(result2)
# print(result3)
# print(result4)

# 查询指定数量的内容
result = cur.fetchmany(5)
print(result)

# 关闭游标
cur.close()
# 关闭连接
conn.close()

DML:

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)

# name = input("请输入用户名")
# password = input("请输入密码")
# address = input("请输入地址")

# 准备增加sql
# sql = "insert into t_user values (null,%s,%s,%s)"
# # 执行sql语句,返回结果总条数
# resultCount = cur.execute(sql,[name,password,address])


# 准备删除sql
# sql = "delete from t_user where id = %s"
# # # 执行sql语句,返回结果总条数
#
# resultCount = cur.execute(sql,[5])


# 准备修改sql
sql = "update t_user set password = %s,name = %s,address = %s where id = %s"
# # 执行sql语句,返回结果总条数

resultCount = cur.execute(sql,["789789","王五","某某某开发公司",3])
print(resultCount)


if resultCount:
    print("修改成功")
else:
    print("添加失败")

conn.commit()

# 关闭游标
cur.close()
# 关闭连接
conn.close()
相关推荐
weixin_4918533113 分钟前
SpringBoot 实现 RAS+AES 自动接口解密
java·spring boot·后端
程序员良辰2 小时前
Spring与SpringBoot:从手动挡到自动挡的Java开发进化论
java·spring boot·spring
鹦鹉0072 小时前
SpringAOP实现
java·服务器·前端·spring
练习时长两年半的程序员小胡3 小时前
JVM 性能调优实战:让系统性能 “飞” 起来的核心策略
java·jvm·性能调优·jvm调优
崎岖Qiu3 小时前
【JVM篇11】:分代回收与GC回收范围的分类详解
java·jvm·后端·面试
昵称是6硬币4 小时前
MongoDB系列教程-教程概述
数据库·mongodb
27669582925 小时前
东方航空 m端 wasm req res分析
java·python·node·wasm·东方航空·东航·东方航空m端
许苑向上5 小时前
Spring Boot 自动装配底层源码实现详解
java·spring boot·后端
喵叔哟6 小时前
31.【.NET8 实战--孢子记账--从单体到微服务--转向微服务】--单体转微服务--财务服务--收支分类
java·微服务·.net
codu4u13146 小时前
Maven中的bom和父依赖
java·linux·maven