zoukankan html css js c++ java
pymysql模块

## pymysql的安装
pip3 install pymysql

## pymysql的链接、执行sql、关闭（游标）


import pymysql
user=input('用户名: ').strip()
pwd=input('密码: ').strip()

#链接
conn=pymysql.connect(
    host='localhost',
    user='root',
    database='db3',
    charset='utf8'
)


#游标
cursor=conn.cursor() #执行完毕返回的结果集默认以元组显示
#cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)


#执行sql语句
sql='select * from userinfo where name="%s" and password="%s"' %(user,pwd) #注意%s需要加引号
print(sql)
res=cursor.execute(sql) #执行sql语句，返回sql查询成功的记录数目
print(res)

cursor.close()
conn.close()

if res:
    print('登录成功')
else:
    print('登录失败')
```

## execute()sql注入
注意：符号--会注释掉它之后的sql，正确的语法：--后至少有一个任意字符

根本原理：就根据程序的字符串拼接name='%s'，我们输入一个_**xxx' -- haha**_,用我们输入的xxx加'在程序中拼接成一个判断条件name='_**xxx' -- haha**_'
```
最后那一个空格，在一条sql语句中如果遇到select * from t1 where id > 3 -- and name='alex';则--之后的条件被注释掉了

#1、sql注入之：用户存在，绕过密码
alex' -- 任意字符

#2、sql注入之：用户不存在，绕过用户与密码
xxx' or 1=1 -- 任意字符
```
绕过密码进行登陆
![](index_files/a46ff1a9-5da8-479d-b1fa-dfd9d526c9a7.png)
绕过用户和密码登陆
![](index_files/7bbe0232-716c-4244-ad8f-8959c9a4f526.png)

解决方法：
```
# 原来是我们对sql进行字符串拼接
# sql="select * from userinfo where name='%s' and password='%s'" %(user,pwd)
# print(sql)
# res=cursor.execute(sql)

#改写为（execute帮我们做字符串拼接，我们无需且一定不能再为%s加引号了）
sql="select * from userinfo where name=%s and password=%s" #！！！注意%s需要去掉引号，因为pymysql会自动为我们加上
res=cursor.execute(sql,[user,pwd]) #pymysql模块自动帮我们解决sql注入的问题，只要我们按照pymysql的规矩来。
```
示例代码：
```python
#!/usr/bin/env python3
# -*- coding:utf-8 -*-

import pymysql


user = input('>>:').strip()
pwd = input('>>:').strip()

conn = pymysql.connect(
    host = '127.0.0.1',
    port = 3306,
    user = 'root',
    db = 'db3',
    charset = 'utf8'
)

cursor = conn.cursor()

sql = 'select * from userinfo where name = %s and password = %s'
print(sql)
rows = cursor.execute(sql,[user,pwd])
print(rows)
cursor.close()
conn.close()

if rows:
    print('登陆成功')
else:
    print('登陆失败')
```

## pymysql 增、删、改conn.commit()
```python
#!/usr/bin/env python3
# -*- coding:utf-8 -*-

import pymysql

#建立链接
conn = pymysql.connect(
    host = '127.0.0.1',
    port = 3306,
    user = 'root',
    db = 'db3',
    charset = 'utf8'
)
# 拿游标
cursor = conn.cursor()
#执行sql语句
#增加
sql = 'insert into userinfo(name,password) values(%s,%s);'
# #删除
# # sql = 'delete from userinfo where id = 5;'
# #修改
# sql = 'update userinfo set name = "ALEX" where id = 1; '
print(sql)
# rows = cursor.execute(sql,('ab','123')) # 增加一条
rows = cursor.executemany(sql,[('ab','123'),('a','123'),('b','234')]) # 增加多条
print(cursor.lastrowid) # 获取最后一个插入的id

conn.commit() # 提交后才插入表格中
cursor.close()
conn.close()
```

## **查：fetchone，fetchmany，fetchall**
```python
#!/usr/bin/env python3
# -*- coding:utf-8 -*-

import pymysql

#建立链接
conn = pymysql.connect(
    host = '127.0.0.1',
    port = 3306,
    user = 'root',
    db = 'db3',
    charset = 'utf8'
)
# 拿游标
cursor = conn.cursor()
#执行sql
sql = 'select * from userinfo;'
rows = cursor.execute(sql)#执行sql语句，返回sql影响成功的行数rows,将结果放入一个集合，等待被查询

# cursor.scroll(2,mode='absolute') # 绝对位置移动
# cursor.scroll(2,mode='relative')# 相对位置移动
res1 = cursor.fetchone()
res2 = cursor.fetchone()
res3 = cursor.fetchone()
res4 = cursor.fetchone()
res5 = cursor.fetchmany(2)
res = cursor.fetchall()
print(res1)
print(res2)
print(res3)
print(res4)
print(res5)
print(res)
print('%s rows in set(0.00 sec)'%(rows))
查看全文
相关阅读:
Study Plan The Twelfth Day
Study Plan The Fifteenth Day
Study Plan The Seventeenth Day
Study Plan The Tenth Day
Study Plan The Eighth Day
Study Plan The Eleventh Day
Study Plan The Sixteenth Day
Study Plan The Thirteenth Day
Study Plan The Fourteenth Day
Study Plan The Ninth Day
原文地址：https://www.cnblogs.com/yjiu1990/p/9263415.html