- Getting started with the pymysql module
- The SQL injection problem
- Inserting, deleting and updating with pymysql
- Querying with pymysql
1. Getting started with the pymysql module

```python
import pymysql

conn = pymysql.connect(host='localhost', user='root', password='ren666666', database='test1', charset='utf8')
cursor = conn.cursor()
print('----1----')
sql = "SELECT * FROM Chart1"
cursor.execute(sql)
result = cursor.fetchone()
cursor.close()
conn.close()
print(result)
```

2. The SQL injection problem

```python
sql = "SELECT * FROM Chart1 WHERE username='%s' AND password='%s'" % (user, pwd)  # building the statement by string concatenation like this opens it to SQL injection
cursor.execute(sql)
```

The problem is as follows: if the input is user = uu' or 1=1 -- then the statement that gets executed becomes

```sql
select * from Chart1 where username='uu' or 1=1 -- ' and password='%s'
```

Note that -- here starts a comment in MySQL. As a result, the login succeeds even though no password was entered and the account is not known.

3. Inserting, deleting and updating with pymysql:
Insert a single value

```python
import pymysql

user = 1
pwd = 'pycharm'
conn = pymysql.connect(host='localhost', user='root', password='ren666666', database='test1')
cursor = conn.cursor()
print('----1----')
sql = "INSERT INTO Chart1 (id, name) VALUES (%s, %s)"
cursor.execute(sql, [user, pwd])  # one row: execute(), with the values passed as parameters
conn.commit()  # data modifications must be committed with this call
result = cursor.fetchone()  # an INSERT returns no rows, so this is None
cursor.close()
conn.close()
print(result)
```
```python
# Insert multiple values
import pymysql

conn = pymysql.connect(host='localhost', user='root', password='ren666666', database='test1')
cursor = conn.cursor()
print('----1----')
sql = "INSERT INTO Chart1 (id, name) VALUES (%s, %s)"
cursor.executemany(sql, [(5, 'Pycharm'), (6, 'sublime')])
conn.commit()  # data modifications must be committed with this call
result = cursor.fetchone()  # an INSERT returns no rows, so this is None
cursor.close()
conn.close()
print(result)
```

4. Querying with pymysql:

```python
import pymysql

conn = pymysql.connect(host='localhost', user='root', password='ren666666', database='test1')
cursor = conn.cursor()
print('----1----')
sql = "SELECT * FROM Chart1"
cursor.execute(sql)
# result = cursor.fetchone()  # fetches only one row
# result = cursor.fetchall()  # fetches all rows
result = cursor.fetchmany(4)  # fetches 4 rows
print(result)
cursor.close()
conn.close()
```

```python
import pymysql

conn = pymysql.connect(host='localhost', user='root', password='ren666666', database='test1')
# cursor = conn.cursor()  # this one returns results as tuples
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)  # this one returns results as dictionaries
print('----1----')
sql = "SELECT * FROM Chart1"
cursor.execute(sql)
result = cursor.fetchmany(4)  # fetches 4 rows
print(result)
cursor.close()
conn.close()
# [{'id': 1, 'name': 'Python'}, {'id': 2, 'name': 'Pycharm'}, {'id': 3, 'name': 'Pycharm'}, {'id': 4, 'name': 'Anaconda'}]
```
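
The login check from the SQL injection section, written with string formatting and with bound parameters, as an added example that is not code from the original page. Python's built-in sqlite3 with an in-memory table stands in for the MySQL server so it runs offline; the sample rows and the names `make_db`, `login_concat` and `login_param` are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table layout follows the page's login query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Chart1 (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO Chart1 VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    conn.commit()
    return conn

def login_concat(conn, user, pwd):
    """Vulnerable form from the page: input is formatted into the SQL text."""
    sql = "SELECT * FROM Chart1 WHERE username='%s' AND password='%s'" % (user, pwd)
    return conn.execute(sql).fetchone() is not None

def login_param(conn, user, pwd):
    """Hardened form: values are bound separately and never parsed as SQL.
    With pymysql the equivalent call is
        cursor.execute("... WHERE username=%s AND password=%s", (user, pwd))
    where the %s placeholders are not wrapped in quotes."""
    sql = "SELECT * FROM Chart1 WHERE username=? AND password=?"
    return conn.execute(sql, (user, pwd)).fetchone() is not None

def demo():
    conn = make_db()
    payload = "uu' or 1=1 -- "  # the input shown in the SQL injection section
    results = {
        "concat, valid login": login_concat(conn, "alice", "s3cret"),
        "concat, wrong password": login_concat(conn, "alice", "nope"),
        "concat, page's input": login_concat(conn, payload, ""),
        "param, valid login": login_param(conn, "alice", "s3cret"),
        "param, wrong password": login_param(conn, "alice", "nope"),
        "param, page's input": login_param(conn, payload, ""),
    }
    conn.close()
    return results

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:24} -> {'login accepted' if ok else 'login refused'}")
```

Only the concatenated query accepts the page's input; the bound query compares it against the username column as an ordinary string and finds no row.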