zoukankan html css js c++ java

pymysql模块

pymysql注入

　　用户在输入的时候带有恶意的sql语句，而后端没有检测就直接拼接，获得的语句和期望的语句不一致（带有’--）

1，查

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)
11 sql="select * from userinfo;"
12 cursor.execute(sql)
13 ret=cursor.fetchall()
14 print(ret)
15 ret1=cursor.fetchmany(1)
16 print(ret1)
17 ret2=cursor.fetchone()
18 print(ret2)
19 cursor.close()
20 conn.close()

View Code

2，增

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="insert into userinfo (username,password) values(%s,%s);"
12 cursor.execute(sql,['fei',"234"])
13 conn.commit()
14 cursor.close()
15 conn.close()

View Code

3，改

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="update userinfo set password=%s where username=%s;"
12 cursor.execute(sql,['abc',"fei"])
13 conn.commit()
14 cursor.close()
15 conn.close()

View Code

4，删

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="delete from userinfo where username=%s;"
12 cursor.execute(sql,["fei"])
13 conn.commit()
14 cursor.close()
15 conn.close()

View Code

移动光标

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor(cursor = pymysql.cursors.DictCursor)
11 sql="select * from userinfo;"
12 cursor.execute(sql)
13 cursor.scroll(1,mode="relative")
14 #cursor.scroll(1,mode="absolute")
15 ret = cursor.fetchmany(1)
16 print(ret)
17 cursor.close()
18 conn.close()

View Code

回滚

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="insert into userinfo (username,password) values(%s,%s)"
12 cursor.execute(sql,['fei',"123"])
13 conn.rollback()
14 conn.commit()
15 cursor.close()
16 conn.close()

View Code

查看全文

相关阅读:
DirectShow自带实例StillCap在回调函数里实现抓图并保存为文件
 x264 VS2008下编译成功
 yuy2_to_i420,yuyv_to_i420
x264源码阅读
 oracle 归档日志开启、关闭及删除归档日志
 TOMCAT设置JVM
linux root 操作oracle命令
 struts2 标签判断list是否为空
 linux下mysql 5.5配置
 RHEL 6 下VNC Server 的安装配置

原文地址：https://www.cnblogs.com/ruoxiruoxi/p/9754852.html