0
点赞
收藏
分享

微信扫一扫

Python(十一、pymysql和基本的防止sql注入)

菜菜捞捞 2021-09-27 阅读 66

查询

from pymysql import *


def main():
    conn = connect(host="192.168.103.114", port=3306, user="root", password="zengqiang", database="java",
                   charset="utf8")  # 注意此处是utf8没有横杠
    cs1 = conn.cursor()
    count = cs1.execute("select * from student;")
    print("查询到的%d条数据" % count)
    # for i in range(count):
    #     res = cs1.fetchone() # 获取一行数据
    #     print(res)
    # print(cs1.fetchall())  # 获取所有数据(('曾', 46, '31'), ('曾sac', 20, '11'), ('强', 300, '2'))
    print(cs1.fetchmany())  # 获取多条,但是不给参数默认返回一条  (('曾', 46, '31'),)
    print(cs1.fetchmany(2))  # 获取2条,(('曾sac', 20, '11'), ('强', 300, '2'))
    cs1.close()
    conn.close()


if __name__ == '__main__':
    main()

"""
使任何链接都可以通过以下用户名和密码链接数据库,针对远程时候:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'zengqiang789' WITH GRANT OPTION;
FLUSH   PRIVILEGES;
"""
  

增删改

from pymysql import *


def main():
    conn = connect(host="192.168.103.114", port=3306, user="root", password="zengqiang", database="java",
                   charset="utf8")  # 注意此处是utf8没有横杠
    cs1 = conn.cursor()
    # count = cs1.execute('insert into student values ("强",32,"24")')   # 插入一行数据
    # count = cs1.execute('insert into student(name) values ("haha")')  # 只插入name属性的数据
    # print("受影响的%d条数据" % count)

    # 更新
    # count = cs1.execute('update student set name="haha" where name ="hehe"')
    # 删除
    # count = cs1.execute('delete from student  where name ="haha"')

    # 防止sql注入,利用execute,参数二是数组,可以填写多个数据
    count = cs1.execute('delete from student  where name =%s', ["haha"])
    
    # 针对增删改,必须提交
    conn.commit()
    cs1.close()
    conn.close()


if __name__ == '__main__':
    main()

"""
使任何链接都可以通过以下用户名和密码链接数据库,针对远程时候:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'zengqiang789' WITH GRANT OPTION;
FLUSH   PRIVILEGES;
"""

举报

相关推荐

0 条评论