MySQL(三)---pymysql
目录
- 3.1python连接数据库
- 3.2sql注入
- 3.3增删改查
- 3.4ORM框架:SQLAchemy
-
- a.连接数据库
- b.创建表
- c.修改数据(增删改)
- d.查
- e.其他
3.1python连接数据库
import pymysql
user = input('请输入用户名:')
pwd = input('请输入密码:')
# 1.连接
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', password='', db='db', charset='utf8')
# 2.创建游标
cursor = conn.cursor()
#注意%s需要加引号
sql = "select * from userinfo where username='%s' and pwd='%s'" %(user, pwd)
print(sql)
# 3.执行sql语句
cursor.execute(sql)
result=cursor.execute(sql) #执行sql语句,返回sql查询成功的记录数目
print(result)
# 关闭连接,游标和连接都要关闭
cursor.close()
conn.close()
3.2sql注入
原因:sql的注释(-- )
sql = "select * from userinfo where username='%s' and pwd='%s'" %(user, pwd)
#1、sql注入之:用户存在,绕过密码
mjj' -- 任意字符
#2、sql注入之:用户不存在,绕过用户与密码
xxx' or 1=1 -- 任意字符
解决办法:避免自己拼接字符串
sql="select * from userinfo where name=%s and password=%s" #!!!注意%s需要去掉引号
result=cursor.execute(sql,[user,pwd])
#If args is a list or tuple, %s can be used as a placeholder in the query.
#If args is a dict, %(name)s can be used as a placeholder in the query.
3.3增删改查
增删改需要提交,commit()
import pymysql
username = input('请输入用户名:')
pwd = input('请输入密码:')
# 1.连接
conn = pymysql.connect(host='localhost', port=3306, user='root', password='', db='db', charset='utf8')
# 2.创建游标
cursor = conn.cursor()
# 操作
# 增
# sql = "insert into userinfo(username,pwd) values (%s,%s)"
# effect_row = cursor.execute(sql,(username,pwd))
#同时插入多条数据
#cursor.executemany(sql,[('李四','110'),('王五','119')])
# print(effect_row)#
# 改
# sql = "update userinfo set username = %s where id = 2"
# effect_row = cursor.execute(sql,username)
# print(effect_row)
# 删
sql = "delete from userinfo where id = 2"
effect_row = cursor.execute(sql)
print(effect_row)
#一定记得commit
conn.commit()
# 4.关闭游标
cursor.close()
# 5.关闭连接
conn.close()
查:
fetchone():获取下一行数据,第一次为首行;
fetchall():获取所有行数据源
fetchmany(4):获取4行数据
默认返回值是元组:((1, 'mjj', '123'), (3, '张三', '110'), (4, '李四', '119'))
设置返回置为字典:cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
指针移动方法:
cursor.scroll(1,mode='relative') # 相对当前位置移动
cursor.scroll(2,mode='absolute') # 相对绝对位置移动,表头
第一个值为移动的行数,整数为向下移动,负数为向上移动,mode指定了是相对当前位置移动,还是相对于首行移动
3.4ORM框架:SQLAchemy
a.连接数据库
from sqlalchemy import create_engine
engine = create_engine("mysql://root:@localhost:3306/db?charset=utf8",encoding="utf-8", echo=True)
b.创建表
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy import Column, Integer, String, ForeignKey, UniqueConstraint, Index,CHAR,VARCHAR
from sqlalchemy.orm import sessionmaker, relationship
from sqlalchemy import create_engine
Base = declarative_base()
# 创建单表
class UserType(Base):
__tablename__ = 'usertype'
id = Column(Integer, primary_key=True, autoincrement=True)
title = Column(VARCHAR(32), nullable=True, index=True)
class Users(Base):
__tablename__ = 'users'
id = Column(Integer, primary_key=True, autoincrement=True)
name = Column(VARCHAR(32), nullable=True, index=True)
email = Column(VARCHAR(16), unique=True)
# user_type_id = Column(Integer,ForeignKey("usertype.id"))
# user_type = relationship("UserType",backref='xxoo')
# __table_args__ = (
# UniqueConstraint('id', 'name', name='uix_id_name'),
# Index('ix_n_ex','name', 'email',),
# )
def create_db():
engine = create_engine("mysql+pymysql://root:@localhost:3306/db4?charset=utf8", max_overflow=5)
Base.metadata.create_all(engine)
def drop_db():
engine = create_engine("mysql+pymysql://root:@localhost:3306/db4?charset=utf8", max_overflow=5)
Base.metadata.drop_all(engine)
create_db() #创建
# drop_db() #删除
c.修改数据(增删改)
engine = create_engine("mysql+pymysql://root:@127.0.0.1:3306/db4?charset=utf8", max_overflow=5)
Session = sessionmaker(bind=engine)
session = Session()
# 类 -> 表
# 对象 -> 行
# ###### 增加 ######
#增加一条数据
# obj1 = UserType(title='普通用户')
# session.add(obj1)
#增加多条数据
# objs =[
# UserType(title='超级用户'),
# UserType(title='白金用户'),
# UserType(title='黑金用户'),
# ]
# session.add_all(objs)
#删
session.query(Users).filter(Users.id > 2).delete()
session.commit()
#改
session.query(Users).filter(Users.id > 2).update({
"name" : "099"})
session.query(Users).filter(Users.id > 2).update({
Users.name: Users.name + "099"}, synchronize_session=False)
session.query(Users).filter(Users.id > 2).update({
"num": Users.num + 1}, synchronize_session="evaluate")
#synchronize_session用于query在进行delete或者update操作的时候,对session的同步策略 默认值为evaluate
session.commit()
d.查
# ###### 查 ######
# print(session.query(UserType))
# user_type_list = session.query(UserType).all()
# for row in user_type_list:
# print(row.id,row.title)
# select xxx UserType where
# user_type_list = session.query(UserType.id,UserType.title).filter(UserType.id > 2)
# for row in user_type_list:
# print(row.id,row.title)
e.其他
# 条件
ret = session.query(Users).filter_by(name='alex').all()
ret = session.query(Users).filter(Users.id > 1, Users.name == 'eric').all()
ret = session.query(Users).filter(Users.id.between(1, 3), Users.name == 'eric').all()
ret = session.query(Users).filter(Users.id.in_([1,3,4])).all()
ret = session.query(Users).filter(~Users.id.in_([1,3,4])).all() //非
ret = session.query(Users).filter(Users.id.in_(session.query(Users.id).filter_by(name='eric'))).all()
from sqlalchemy import and_, or_
ret = session.query(Users).filter(and_(Users.id > 3, Users.name == 'eric')).all()
ret = session.query(Users).filter(or_(Users.id < 2, Users.name == 'eric')).all()
ret = session.query(Users).filter(
or_(
Users.id < 2,
and_(Users.name == 'eric', Users.id > 3),
Users.extra != ""
)).all()
# 通配符
ret = session.query(Users).filter(Users.name.like('e%')).all()
ret = session.query(Users).filter(~Users.name.like('e%')).all()
# 限制
ret = session.query(Users)[1:2]
# 排序
ret = session.query(Users).order_by(Users.name.desc()).all()
ret = session.query(Users).order_by(Users.name.desc(), Users.id.asc()).all()
# 分组
from sqlalchemy.sql import func
ret = session.query(Users).group_by(Users.extra).all()
ret = session.query(
func.max(Users.id),
func.sum(Users.id),
func.min(Users.id)).group_by(Users.name).all()
ret = session.query(
func.max(Users.id),
func.sum(Users.id),
func.min(Users.id)).group_by(Users.name).having(func.min(Users.id) >2).all()
# 连表
ret = session.query(Users, Favor).filter(Users.id == Favor.nid).all()
ret = session.query(Person).join(Favor).all()
ret = session.query(Person).join(Favor, isouter=True).all()
# 组合
q1 = session.query(Users.name).filter(Users.id > 2)
q2 = session.query(Favor.caption).filter(Favor.nid < 2)
ret = q1.union(q2).all()
q1 = session.query(Users.name).filter(Users.id > 2)
q2 = session.query(Favor.caption).filter(Favor.nid < 2)
ret = q1.union_all(q2).all()
# 分组,排序,连表,通配符,子查询,limit,union,where,原生SQL、
# ret = session.query(Users, UserType)
# select * from user,usertype;
#
# ret = session.query(Users, UserType).filter(Users.usertype_id==UserType.id)
# select * from user,usertype whre user.usertype_id = usertype.id
# result = session.query(Users).join(UserType)
# print(result)
# result = session.query(Users).join(UserType,isouter=True)
# print(result)
# 1.
# select * from b where id in (select id from tb2)
# 2 select * from (select * from tb) as B
# q1 = session.query(UserType).filter(UserType.id > 0).subquery()
# result = session.query(q1).all()
# print(result)
# 3
# select
# id ,
# (select * from users where users.user_type_id=usertype.id)
# from usertype;
# session.query(UserType,session.query(Users).filter(Users.id == 1).subquery())
# session.query(UserType,Users)
# result = session.query(UserType.id,session.query(Users).as_scalar())
# print(result)
# result = session.query(UserType.id,session.query(Users).filter(Users.user_type_id==UserType.id).as_scalar())
# print(result)
# 问题1. 获取用户信息以及与其关联的用户类型名称(FK,Relationship=>正向操作)
# user_list = session.query(Users,UserType).join(UserType,isouter=True)
# print(user_list)
# for row in user_list:
# print(row[0].id,row[0].name,row[0].email,row[0].user_type_id,row[1].title)
# user_list = session.query(Users.name,UserType.title).join(UserType,isouter=True).all()
# for row in user_list:
# print(row[0],row[1],row.name,row.title)
# user_list = session.query(Users)
# for row in user_list:
# print(row.name,row.id,row.user_type.title)
# 问题2. 获取用户类型
# type_list = session.query(UserType)
# for row in type_list:
# print(row.id,row.title,session.query(Users).filter(Users.user_type_id == row.id).all())
# type_list = session.query(UserType)
# for row in type_list:
# print(row.id,row.title,row.xxoo)
# ###### 删除 ######
# session.query(UserType.id,UserType.title).filter(UserType.id > 2).delete()
# ###### 修改 ######
# session.query(UserType.id,UserType.title).filter(UserType.id > 0).update({"title" : "黑金"})
# session.query(UserType.id,UserType.title).filter(UserType.id > 0).update({UserType.title: UserType.title + "x"}, synchronize_session=False)
# session.query(UserType.id,UserType.title).filter(UserType.id > 0).update({"num": Users.num + 1}, synchronize_session="evaluate")
session.commit()
session.close()
注:设置外检的另一种方式 ForeignKeyConstraint(['other_id'], ['othertable.other_id'])