pymysql模块
## pymysql的安装 pip3 install pymysql ## pymysql的链接、执行sql、关闭(游标) import pymysql user=input('用户名: ').strip() pwd=input('密码: ').strip() #链接 conn=pymysql.connect( host='localhost', user='root', database='db3', charset='utf8' ) #游标 cursor=conn.cursor() #执行完毕返回的结果集默认以元组显示 #cursor=conn.cursor(cursor=pymysql.cursors.DictCursor) #执行sql语句 sql='select * from userinfo where name="%s" and password="%s"' %(user,pwd) #注意%s需要加引号 print(sql) res=cursor.execute(sql) #执行sql语句,返回sql查询成功的记录数目 print(res) cursor.close() conn.close() if res: print('登录成功') else: print('登录失败') ``` ## execute()sql注入 注意:符号--会注释掉它之后的sql,正确的语法:--后至少有一个任意字符 根本原理:就根据程序的字符串拼接name='%s',我们输入一个_**xxx' -- haha**_,用我们输入的xxx加'在程序中拼接成一个判断条件name='_**xxx' -- haha**_' ``` 最后那一个空格,在一条sql语句中如果遇到select * from t1 where id > 3 -- and name='alex';则--之后的条件被注释掉了 #1、sql注入之:用户存在,绕过密码 alex' -- 任意字符 #2、sql注入之:用户不存在,绕过用户与密码 xxx' or 1=1 -- 任意字符 ``` 绕过密码进行登陆 ![](index_files/a46ff1a9-5da8-479d-b1fa-dfd9d526c9a7.png) 绕过用户和密码登陆 ![](index_files/7bbe0232-716c-4244-ad8f-8959c9a4f526.png) 解决方法: ``` # 原来是我们对sql进行字符串拼接 # sql="select * from userinfo where name='%s' and password='%s'" %(user,pwd) # print(sql) # res=cursor.execute(sql) #改写为(execute帮我们做字符串拼接,我们无需且一定不能再为%s加引号了) sql="select * from userinfo where name=%s and password=%s" #!!!注意%s需要去掉引号,因为pymysql会自动为我们加上 res=cursor.execute(sql,[user,pwd]) #pymysql模块自动帮我们解决sql注入的问题,只要我们按照pymysql的规矩来。 ``` 示例代码: ```python #!/usr/bin/env python3 # -*- coding:utf-8 -*- import pymysql user = input('>>:').strip() pwd = input('>>:').strip() conn = pymysql.connect( host = '127.0.0.1', port = 3306, user = 'root', db = 'db3', charset = 'utf8' ) cursor = conn.cursor() sql = 'select * from userinfo where name = %s and password = %s' print(sql) rows = cursor.execute(sql,[user,pwd]) print(rows) cursor.close() conn.close() if rows: print('登陆成功') else: print('登陆失败') ``` ## pymysql 增、删、改conn.commit() ```python #!/usr/bin/env python3 # -*- coding:utf-8 -*- import pymysql #建立链接 conn = pymysql.connect( host = '127.0.0.1', port = 3306, user = 'root', db = 'db3', charset = 'utf8' ) # 拿游标 cursor = conn.cursor() #执行sql语句 #增加 sql = 'insert into userinfo(name,password) values(%s,%s);' # #删除 # # sql = 'delete from userinfo where id = 5;' # #修改 # sql = 'update userinfo set name = "ALEX" where id = 1; ' print(sql) # rows = cursor.execute(sql,('ab','123')) # 增加一条 rows = cursor.executemany(sql,[('ab','123'),('a','123'),('b','234')]) # 增加多条 print(cursor.lastrowid) # 获取最后一个插入的id conn.commit() # 提交后才插入表格中 cursor.close() conn.close() ``` ## **查:fetchone,fetchmany,fetchall** ```python #!/usr/bin/env python3 # -*- coding:utf-8 -*- import pymysql #建立链接 conn = pymysql.connect( host = '127.0.0.1', port = 3306, user = 'root', db = 'db3', charset = 'utf8' ) # 拿游标 cursor = conn.cursor() #执行sql sql = 'select * from userinfo;' rows = cursor.execute(sql)#执行sql语句,返回sql影响成功的行数rows,将结果放入一个集合,等待被查询 # cursor.scroll(2,mode='absolute') # 绝对位置移动 # cursor.scroll(2,mode='relative')# 相对位置移动 res1 = cursor.fetchone() res2 = cursor.fetchone() res3 = cursor.fetchone() res4 = cursor.fetchone() res5 = cursor.fetchmany(2) res = cursor.fetchall() print(res1) print(res2) print(res3) print(res4) print(res5) print(res) print('%s rows in set(0.00 sec)'%(rows))