pymysql

参数(会导致SQL注入)

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)

name = input("请输入用户名")
password = input("请输入密码")
# id = input("请输入id")

# 准备sql

# 参数传递 方式一
#sql = "select * from t_user where name = '"+name+"' and  password = '"+password+"'"
#sql = "select * from t_user where id = "+id
#sql = "select * from t_user where id = "+id+" and name = '"+name+"'"

# 参数传递 方式二
sql = "select * from t_user where name = '%s' and password = '%s'"%(name,password)
print(sql)

# 执行sql语句,返回结果总条数
resultCount = cur.execute(sql)

#查询数据内容
result = cur.fetchall()

print(resultCount)
print(result)

if resultCount:
    print("登录成功")
else:
    print("用户名或密码错误")

# 关闭游标
cur.close()
# 关闭连接
conn.close()

防止SQL注入:

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)

name = input("请输入用户名")
password = input("请输入密码")
# id = input("请输入id")

# 准备sql

# 参数传递 方式二
# sql = "select * from t_user where name = %s and password = %s"
# 执行sql语句,返回结果总条数
# resultCount = cur.execute(sql,(name,password))


# sql = "select * from t_user where name = %s and password = %s"
# 执行sql语句,返回结果总条数
# resultCount = cur.execute(sql,[name,password])


sql = "select * from t_user where name = %(name)s and password = %(pass)s"
# 执行sql语句,返回结果总条数
resultCount = cur.execute(sql,{"name":name,"pass":password})

print(sql)
#查询所有数据内容
result = cur.fetchall()


print(result)

if resultCount:
    print("登录成功")
else:
    print("用户名或密码错误")

# 关闭游标
cur.close()
# 关闭连接
conn.close()

DQL:

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)


# 准备sql
sql = "select * from t_user"
# 执行sql语句,返回结果总条数
resultCount = cur.execute(sql)

#查询所有数据内容
# result = cur.fetchall()


# 按照顺序查询某一条内容
# result = cur.fetchone()
# result2 = cur.fetchone()
# result3 = cur.fetchone()
# result4 = cur.fetchone()
# print(result)
# print(result2)
# print(result3)
# print(result4)

# 查询指定数量的内容
result = cur.fetchmany(5)
print(result)

# 关闭游标
cur.close()
# 关闭连接
conn.close()

DML:

python 复制代码
import pymysql

# 创建数据库连接
conn = pymysql.connect(
    user = "root",
    password= "root",
    host= "127.0.0.1",
    port= 3306,
    database= "test"
)

# 创建游标对象
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)

# name = input("请输入用户名")
# password = input("请输入密码")
# address = input("请输入地址")

# 准备增加sql
# sql = "insert into t_user values (null,%s,%s,%s)"
# # 执行sql语句,返回结果总条数
# resultCount = cur.execute(sql,[name,password,address])


# 准备删除sql
# sql = "delete from t_user where id = %s"
# # # 执行sql语句,返回结果总条数
#
# resultCount = cur.execute(sql,[5])


# 准备修改sql
sql = "update t_user set password = %s,name = %s,address = %s where id = %s"
# # 执行sql语句,返回结果总条数

resultCount = cur.execute(sql,["789789","王五","某某某开发公司",3])
print(resultCount)


if resultCount:
    print("修改成功")
else:
    print("添加失败")

conn.commit()

# 关闭游标
cur.close()
# 关闭连接
conn.close()
相关推荐
麦兜*3 分钟前
Spring Boot启动优化7板斧(延迟初始化、组件扫描精准打击、JVM参数调优):砍掉70%启动时间的魔鬼实践
java·jvm·spring boot·后端·spring·spring cloud·系统架构
KK溜了溜了22 分钟前
JAVA-springboot 整合Redis
java·spring boot·redis
天河归来32 分钟前
使用idea创建springboot单体项目
java·spring boot·intellij-idea
程序员柳36 分钟前
基于微信小程序的校园二手交易平台、微信小程序校园二手商城源代码+数据库+使用说明,layui+微信小程序+Spring Boot
数据库·微信小程序·layui
weixin_478689761 小时前
十大排序算法汇总
java·算法·排序算法
码荼1 小时前
学习开发之hashmap
java·python·学习·哈希算法·个人开发·小白学开发·不花钱不花时间crud
梦在深巷、1 小时前
MySQL/MariaDB数据库主从复制之基于二进制日志的方式
linux·数据库·mysql·mariadb
IT乌鸦坐飞机1 小时前
ansible部署数据库服务随机启动并创建用户和设置用户有完全权限
数据库·ansible·centos7
IT_10241 小时前
Spring Boot项目开发实战销售管理系统——数据库设计!
java·开发语言·数据库·spring boot·后端·oracle
ye902 小时前
银河麒麟V10服务器版 + openGuass + JDK +Tomcat
java·开发语言·tomcat