目录
实现增删改查:
客户端操作:
py代码:
案例:
SQL注入:
完成作业:
insert into 表名 (列名,列名,列名) values(对应列的值,对应列的值,对应列的值);
例:
insert into l1 values('张三','123'),('alex','456'); -- 如果表中只有2列
delete from 表名;
delete from 表名 where 条件;例:
delete from l1 where name="zhangsan";
delete from tb1 where id=1;
update 表名 set 列名=值;
update 表名 set 列名=值 where 条件;例:
update l1 set name="zhangsan" where id=1;
update L3 set name=concat(name,"db");
select * from 表名;
select 列名,列名,列名 from 表名;
select 列名,列名 as 别名,列名 from 表名;
select * from 表名 where 条件;例:
*表示所有数据
select * from tb1 where id != 1;
select id,name as N,age, 111 from tb1;
基本类似我就搬过来了(凑不要脸。
import pymysql
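# Connect to MySQL. Passing db= selects the database up front, the same as running `use userdb;`.
# NOTE: the root account and the literal password are demo values for a local instance;
# real code should load credentials from configuration and use a least-privilege account.
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='root123', charset="utf8", db='userdb')
cursor = conn.cursor()
try:
    # Every value below is a fixed literal. When a value comes from user input, keep %s
    # placeholders in the SQL and pass the values as the second argument of execute().

    # 1. Insert (a write needs commit() to be persisted)
    cursor.execute("insert into tb1(name,password) values('武沛齐','123123')")
    conn.commit()

    # 2. Delete (needs commit)
    cursor.execute("delete from tb1 where id=1")
    conn.commit()

    # 3. Update (needs commit)
    cursor.execute("update tb1 set name='xx' where id=1")
    conn.commit()

    # 4. Query (no commit needed)
    # The original queried `tb`; every other statement in this script uses `tb1`,
    # so the table name was treated as a typo and aligned.
    cursor.execute("select * from tb1 where id>10")
    data = cursor.fetchone()  # first row or None; cursor.fetchall() returns all remaining rows
    print(data)
finally:
    # Release the cursor and the connection even if a statement above fails.
    cursor.close()
    conn.close()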
实现一个用户管理系统
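import pymysql


def _connect():
    """Open a connection to the local demo database ``usersdb``."""
    # NOTE: the root account and the literal password are demo values for a local
    # instance; real code should load credentials from configuration and connect
    # with an account that only has the privileges this program needs.
    return pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='root', charset="utf8", db="usersdb")


def register():
    """Prompt for a user name and password and insert them as a new row in ``users``."""
    print("用户注册")
    user = input("请输入用户名:")  # e.g. alex
    password = input("请输入密码:")  # e.g. sb

    conn = _connect()
    cursor = conn.cursor()
    try:
        # The original built this statement with str.format(), which lets the typed
        # text change the structure of the SQL (SQL injection). With %s placeholders
        # the values are passed separately and escaped by the driver; the
        # placeholders must not be wrapped in quotes.
        # NOTE(review): the password is stored as plain text; a real system would
        # store a salted hash (for example hashlib.scrypt) and compare hashes at login.
        cursor.execute("insert into users(name,password) values(%s,%s)", [user, password])
        conn.commit()
    finally:
        cursor.close()
        conn.close()

    # NOTE(review): this message echoes the password back to the terminal.
    print("注册成功,用户名:{},密码:{}".format(user, password))


def login():
    """Prompt for credentials and report whether a matching row exists in ``users``."""
    print("用户登录")
    user = input("请输入用户名:")
    password = input("请输入密码:")

    conn = _connect()
    cursor = conn.cursor()
    try:
        # Unsafe variant, kept only as a reference for the injection discussion:
        # sql = "select * from users where name='{}' and password='{}'".format(user, password)
        cursor.execute("select * from users where name=%s and password=%s", [user, password])
        # fetchone() returns None when nothing matched, otherwise a row tuple
        # such as (1, 'wupeiqi', '123').
        result = cursor.fetchone()
    finally:
        cursor.close()
        conn.close()

    if result:
        # NOTE(review): printing the whole row also prints the stored password column.
        print("登录成功", result)
    else:
        print("登录失败")


def run():
    """Ask which action to perform and dispatch to register() or login()."""
    choice = input("1.注册;2.登录")
    if choice == '1':
        register()
    elif choice == '2':
        login()
    else:
        print("输入错误")


if __name__ == '__main__':
    run()  # Credit: adapted from 武沛齐 (Wu Peiqi)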
如果使用py字符串格式化的方式,user输入
' or 1=1 --
就会导致SQL注入,实际执行的语句变成:select * from users where name='' or 1=1 -- ' and password='123'。输入的单引号提前闭合了name的值,or 1=1 使where条件恒成立,-- 把后面的密码判断注释掉,所以不需要正确的密码也能查到记录。
所以用
cursor.execute("select * from users where name=%s and password=%s", [user, pwd])
来避免SQL注入:SQL语句和参数分开传给execute,由pymysql对参数进行转义,占位符%s两边不要再加引号。所有包含用户输入的语句(insert、update、delete也一样)都应该这样写。
-- Exercise table: one row per user.
create table users1(
-- Surrogate key, assigned automatically by MySQL.
id int not null auto_increment primary key,
name varchar(32) not null,
-- NOTE(review): the sample rows on this page store the password as plain text ('123');
-- a real system would store a salted password hash and size this column for it.
password varchar(64) not null,
-- Single character; the exercises use '男' / '女'.
gender char(1) not null,
-- Optional: the only nullable column besides ctime.
email varchar(64) null,
-- Account balance with two decimal places; defaults to 0.
amount decimal(10,2) not null default 0,
-- Filled with NOW() by the insert statements on this page.
ctime datetime
)default charset=utf8;
1.插入五条数据
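-- Insert five sample rows in one statement. The row tuples must be separated by
-- commas; the original was missing the comma after the 2nd and the 4th tuple,
-- which makes the statement a syntax error.
insert into users1(name,password,gender,email,amount,ctime) value
('liulemon','123','男','[email protected]',1000,NOW()),
('gaojb','123','男','[email protected]',1000,NOW()),
('sqy','123','男','[email protected]',1000,NOW()),
('zhangsan','123','男','[email protected]',1000,NOW()),
('lisi','123','女','[email protected]',1000,NOW());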
2.将 id>3
的所有人的性别改为 男
update users1 set gender = '男' where id>3;
3.查询余额 amount>1000
的所有用户
select * from users1 where amount > 1000;
4.让每个人的余额在自己原有的基础上 +1000
update users1 set amount = amount + 1000;
5.删除性别为男的所有数据
delete from users1 where gender = '男';
py操作:
import pymysql
import datetime
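# Connect to MySQL and select the usersdb database.
# NOTE: the root account and the literal password are demo values for a local instance;
# real code should load credentials from configuration and use a least-privilege account.
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='root', charset="utf8", db='usersdb')
cursor = conn.cursor()
try:
    # Table definition used by this exercise, kept commented out:
    # sql = """
    # create table users1(
    # id int not null auto_increment primary key,
    # name varchar(32) not null,
    # password varchar(64) not null,
    # gender char(1) not null,
    # email varchar(64) null,
    # amount decimal(10,2) not null default 0,
    # ctime datetime
    # )default charset=utf8;
    # """
    # cursor.execute(sql)
    # conn.commit()

    # Insert five rows. The original statement was missing the comma after the 2nd
    # and the 4th row tuple, which MySQL rejects as a syntax error.
    cursor.execute(
        "insert into users1(name,password,gender,email,amount,ctime) value"
        "('liulemon','123','男','[email protected]',1000,NOW()),"
        "('gaojb','123','男','[email protected]',1000,NOW()),"
        "('sqy','123','男','[email protected]',1000,NOW()),"
        "('zhangsan','123','男','[email protected]',1000,NOW()),"
        "('lisi','123','女','[email protected]',1000,NOW())"
    )
    conn.commit()
    cursor.execute("select * from users1")
    data = cursor.fetchall()
    print(data)

    # Update: set gender for every row with id > 3
    cursor.execute("update users1 set gender = '男' where id>3")
    conn.commit()

    # Query: rows whose balance is above 1000
    cursor.execute("select * from users1 where amount > 1000")
    data = cursor.fetchall()
    print(data)

    # Update: no WHERE clause, so every row's balance is increased by 1000
    cursor.execute("update users1 set amount = amount + 1000")
    conn.commit()

    # Delete: remove every row whose gender is '男'
    cursor.execute("delete from users1 where gender = '男'")
    conn.commit()
finally:
    # Release the cursor and the connection even if a statement above fails.
    cursor.close()
    conn.close()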