pymysql模块:本质就是一个套接字客户端软件,使用前需要事先安装
pip install pymysql
1.基本使用
import pymysql user_name = input('name:').strip() user_psw = input('psw:').strip() # 1.建链接 conn = pymysql.connect( host='0.0.0.0', port=3306, user='root', password='xxx', database='db1', charset='utf8' ) # 2.游标 cursor = conn.cursor() # 执行完毕,返回的结果集默认以元祖显示 # 3.执行sql语句 sql = "select * from usr where name='%s' and psw='%s'"%(user_name,user_psw) print(sql) res = cursor.execute(sql) cursor.close() conn.close()
2.execute()之SQL注入
注意:符号--会注释掉它之后的sql,正确的语法:--后至少有一个任意字符
根本原理:就根据程序的字符串拼接name='%s',我们输入一个xxx' -- haha,用我们输入的xxx加'在程序中拼接成一个判断条件name='xxx' -- haha'
import pymysql user_name = input('name:').strip() user_psw = input('psw:').strip() # 1.建链接 conn = pymysql.connect( host='0.0.0.0', port=3306, user='root', password='xxx', database='db1', charset='utf8' ) # 2.游标 cursor = conn.cursor() # 执行完毕,返回的结果集默认以元祖显示 # 3.执行sql语句 sql = "select * from usr where name=%s and psw=%s" res = cursor.execute(sql,(user_name,user_psw)) # execute帮我们做字符串拼接,我们无需且一定不能再为%s加引号了 cursor.close() conn.close() if res: print('登陆成功!') else: print('登录失败!')
3.增加数据
import pymysql conn = pymysql.connect( host='0.0.0.0', port=3306, user='root', password='xxx', database='db1' ) cursor = conn.cursor() # sql = "insert into usr(name,psw) values('kong','hui123');" # res = cursor.execute(sql) sql = "insert into usr(name,psw) values(%s,%s);" res = cursor.execute(sql,('张三','hui123')) # 增加单个数据 # res = cursor.executemany(sql,[('李四','hui123'),('王五','hui123')]) # 添加多条记录 # print(res) # 返回影响行数 conn.commit() # 必须有提交操作 cursor.close() conn.close()
4.查询数据
import pymysql conn = pymysql.connect( host='0.0.0.0', port=3306, user='root', password='xxx', database='db1' ) cursor = conn.cursor() # 返回结果以元祖显示 # cursor = conn.cursor(cursor=pymysql.cursors.DictCursor) # 返回结果以字典显示 sql = 'select * from usr;' rows = cursor.execute(sql) # 一个个的取查询结果 # res1 = cursor.fetchone() # res2 = cursor.fetchone() # res3 = cursor.fetchone() # print(res1, res2, res3, sep='\n') # 一次取多个结果 # res = cursor.fetchmany(3) # for i in res: # print(i) # 取全部 res = cursor.fetchall() for i in res: print(i) # cursor.scroll(2,mode='absolute') # 相对初始位置移动 # cursor.scroll(2,mode='relative') # 相对当前位置移动 cursor.close() conn.close()