pymysql模块

pymysql注入

  用户在输入的时候带有恶意的sql语句,而后端没有检测就直接拼接,获得的语句和期望的语句不一致 (带有’--)

1,查

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor(cursor=pymysql.cursors.DictCursor)
11 sql="select * from userinfo;"
12 cursor.execute(sql)
13 ret=cursor.fetchall()
14 print(ret)
15 ret1=cursor.fetchmany(1)
16 print(ret1)
17 ret2=cursor.fetchone()
18 print(ret2)
19 cursor.close()
20 conn.close()
View Code

2,增

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="insert into userinfo (username,password) values(%s,%s);"
12 cursor.execute(sql,['fei',"234"])
13 conn.commit()
14 cursor.close()
15 conn.close()
View Code

3,改

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="update userinfo set password=%s where username=%s;"
12 cursor.execute(sql,['abc',"fei"])
13 conn.commit()
14 cursor.close()
15 conn.close()
View Code

4,删

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="delete from userinfo where username=%s;"
12 cursor.execute(sql,["fei"])
13 conn.commit()
14 cursor.close()
15 conn.close()
View Code

移动光标

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor(cursor = pymysql.cursors.DictCursor)
11 sql="select * from userinfo;"
12 cursor.execute(sql)
13 cursor.scroll(1,mode="relative")
14 #cursor.scroll(1,mode="absolute")
15 ret = cursor.fetchmany(1)
16 print(ret)
17 cursor.close()
18 conn.close()
View Code

回滚

 1 import pymysql
 2 conn = pymysql.connect(
 3     host="192.168.16.90",
 4     port=3306,
 5     user="zc",
 6     password="123",
 7     database = 'user',
 8     charset = "utf8"
 9 )
10 cursor=conn.cursor()
11 sql="insert into userinfo (username,password) values(%s,%s)"
12 cursor.execute(sql,['fei',"123"])
13 conn.rollback()
14 conn.commit()
15 cursor.close()
16 conn.close()
View Code

 

posted @ 2018-10-08 15:52  若兮ruoxi  阅读(98)  评论(0编辑  收藏  举报