zoukankan      html  css  js  c++  java
  • Python--sql注入

    import pymysql

    conn = pymysql.connect(host='211.149.218.16', user='jxz', password='123456', db='jxz', port=3306, charset='utf8')
    cur = conn.cursor(cursor=pymysql.cursors.DictCursor)
    name = 'zdq'
    sex = 0
    cur.execute('select * from bt_stu where real_name=%s and sex=%s', (name, sex)) # 可以防止sql注入
    print(cur.fetchall())


    def test(a, b):
    print(a, b)


    li = [1, 2]
    test(*li)
    d = {'a': '123', 'b': '456'}
    test(**d)


    def op_mysql_new(sql1, *data):
    # 利用*data可变参数,就能防止sql注入
    print(sql1)
    print(data)
    cur.execute(sql1, data)
    print(cur.fetchall())


    sql = 'select * from user where username=%s and id=%s'
    name = 'haha'
    id1 = 140
    op_mysql_new(sql, name, id1)

    # 同时执行多个sql executemany
    sql = 'insert into seq (blue,red,date) values (%s,%s,%s)'
    all_res = [
    ['16', '01,02,03,05,09,06', '2018-01-28'],
    ['15', '01,02,03,05,09,06', '2018-01-28'],
    ['14', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ['13', '01,02,03,05,09,06', '2018-01-28'],
    ]
    cur.executemany(sql, all_res)
    conn.commit()
  • 相关阅读:
    hdoj:2033
    hdoj:2032
    hdoj:2031
    hdoj:2029
    hdoj:2028
    hdoj:2027
    hdoj:2024
    hdoj:2023
    hdoj:2022
    hdoj:题目分类
  • 原文地址:https://www.cnblogs.com/wangsilei/p/8407282.html
Copyright © 2011-2022 走看看