13 pymysql模块的 基本使用/ sql 注入的问题/增删改查

import pymysql

user=input(‘用户名: ‘).strip()
pwd=input(‘密码: ‘).strip()
#连接MySQL
conn=pymysql.connect(
    host=‘localhost‘,
    user =‘root‘,
    password=‘888888‘,
    database=‘db10‘,
    charset=‘utf8‘
)

#游标
cursor=conn.cursor()

#执行sql 语句
sql=‘select * from userinfo where user= "%s" and pwd="%s"‘%(user,pwd)print(sql)
raws=cursor.execute(sql)

cursor.close()
conn.close()

#判断

if raws:
    print(‘登录成功‘)
else:
    print(‘登录失败‘)

sql 注入的问题：

#执行sql 语句
sql=‘select * from userinfo where user= %s and pwd=%s‘
raws=cursor.execute(sql,(user,pwd))

增删改查：

import pymysql

conn=pymysql.connect(
    host=‘localhost‘,
    user =‘root‘,
    password=‘888888‘,
    database=‘db10‘,
    charset=‘utf8‘
)

#游标
cursor=conn.cursor()

sql =‘insert into userinfo(user,pwd) values(%s,%s);‘
# rows=cursor.execute(sql,(‘iris‘,‘123‘))
# print(rows)
rows=cursor.executemany(sql,[(‘kevin1‘,‘1233‘),(‘kevin2‘,‘111‘),(‘kevin3‘,‘222‘)]) #增加多条
print(cursor.lastrowid)
conn.commit()  #这一条才能让插入语句插入成功
#关闭
cursor.close()
conn.close()

#查询

import pymysql

conn=pymysql.connect(
    host=‘localhost‘,
    user =‘root‘,
    password=‘888888‘,
    database=‘db10‘,
    charset=‘utf8‘
)

#游标
cursor=conn.cursor(pymysql.cursors.DictCursor)

rows=cursor.execute(‘select * from userinfo;‘)

# print(cursor.fetchmany(6))
# print(cursor.fetchall())
# res=cursor.fetchone()
# res2=cursor.fetchone()
# res3=cursor.fetchone()
# print(res)
# print(res2)
# print(res3)
print(cursor.fetchone())
# cursor.scroll(3,mode=‘absolute‘) #绝对移动
cursor.scroll(2,mode=‘relative‘)  #相对移动
print(cursor.fetchone())

#关闭
cursor.close()
conn.close()

原文地址：https://www.cnblogs.com/zhujing666/p/12318238.html