zoukankan      html  css  js  c++  java

  • pymysql模块

    pymysql注入

      用户在输入的时候带有恶意的sql语句,而后端没有检测就直接拼接,获得的语句和期望的语句不一致 (带有’--)

    1,查

     1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)
11 sql="select * from userinfo;"
12 cursor.execute(sql)
13 ret=cursor.fetchall()
14 print(ret)
15 ret1=cursor.fetchmany(1)
16 print(ret1)
17 ret2=cursor.fetchone()
18 print(ret2)
19 cursor.close()
20 conn.close()
    View Code

    2,增

     1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="insert into userinfo (username,password) values(%s,%s);"
12 cursor.execute(sql,['fei',"234"])
13 conn.commit()
14 cursor.close()
15 conn.close()
    View Code

    3,改

     1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="update userinfo set password=%s where username=%s;"
12 cursor.execute(sql,['abc',"fei"])
13 conn.commit()
14 cursor.close()
15 conn.close()
    View Code

    4,删

     1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="delete from userinfo where username=%s;"
12 cursor.execute(sql,["fei"])
13 conn.commit()
14 cursor.close()
15 conn.close()
    View Code

    移动光标

     1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor(cursor = pymysql.cursors.DictCursor)
11 sql="select * from userinfo;"
12 cursor.execute(sql)
13 cursor.scroll(1,mode="relative")
14 #cursor.scroll(1,mode="absolute")
15 ret = cursor.fetchmany(1)
16 print(ret)
17 cursor.close()
18 conn.close()
    View Code

    回滚

     1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="insert into userinfo (username,password) values(%s,%s)"
12 cursor.execute(sql,['fei',"123"])
13 conn.rollback()
14 conn.commit()
15 cursor.close()
16 conn.close()
    View Code
  • 相关阅读:
    Django学习路10_创建一个新的数据库,指定列名并修改表名
    设计模式_单例模式的懒汉式实例化
    设计模式_理解单例设计模式
    Django学习路9_流程复习
    Django学习路8_学生表和班级表级联并相互查询信息
    Django学习路7_注册app到能够在页面上显示app网页内容
    es6基础:类、继承、重写
    简单的下拉刷新
    callback&&callback()
    转 五大浏览器四大内核
  • 原文地址:https://www.cnblogs.com/ruoxiruoxi/p/9754852.html
Copyright © 2011-2022 走看看