標籤:安裝 nec /usr dict ati 多行 串連 etc rowid
本篇對於Python操作MySQL主要使用兩種方式:
pymysql
下載安裝
pip3 install pymysql #pip3命令的路徑:安裝路徑下的Scripts目錄# 下載 pymysql到本地# 解壓到執行目錄 # python2,預設無pip命令# python3,預設內建pip3命令 python3 -m pip install --upgrade pip 更新pip#https://pypi.python.org/pypi 模組源
使用操作
1.執行sql語句
1 #!/usr/bin/env python 2 # -*- coding:utf-8 -*- 3 import pymysql 4 5 # 建立串連 6 conn = pymysql.connect(host=‘127.0.0.1‘, port=3306, user=‘root‘, passwd=‘123‘, db=‘t1‘,charset=‘utf8‘) 7 # 建立遊標(建立串連只是開啟了資料庫,要想取資料需要通過遊標來取) 8 cursor = conn.cursor() 9 10 # 執行SQL,並返回受收影響行數(即有一個傳回值)11 effect_row = cursor.execute("update hosts set host = ‘1.1.1.2‘")12 cursor.execute("insert into class(caption) values(‘全棧二班‘)") 13 14 # 執行SQL,並返回受影響行數,插入多行使用executemany15 #effect_row = cursor.executemany("insert into hosts(host,color_id)values(%s,%s)", [("1.1.1.11",1),("1.1.1.11",2)]) 16 effect_row = cursor.execute("delete from score where sid = 3")17 18 inp = input("請輸入IP地址") 19 cursor.execute("insert into hosts(host) values(%s)",inp)
20
21 cursor.execute("select * from student") #查詢的資料從資料庫中取出儲存在記憶體中
22 result1 = cursor.fetchall()
23 print(result1) #輸出查詢的結果
24 result2 = cursor.fetchone()
25 print(result2) #輸出查詢的第一條結果
26 result3 = cursor.fetchmany(3)
27 print(result3) #輸出查詢的前n條結果
2822 # 提交,不然無法儲存建立或者修改的資料23 conn.commit()24 25 # 關閉遊標26 cursor.close()27 # 關閉串連28 conn.close()
2.擷取查詢資料
1 #!/usr/bin/env python 2 # -*- coding:utf-8 -*- 3 import pymysql 4 5 conn = pymysql.connect(host=‘127.0.0.1‘, port=3306, user=‘root‘, passwd=‘123‘, db=‘t1‘) 6 cursor = conn.cursor() 7 cursor.execute("select * from hosts") 8 9 # 擷取第一行資料10 row_1 = cursor.fetchone()11 12 # 擷取前n行資料13 # row_2 = cursor.fetchmany(3)14 # 擷取所有資料15 # row_3 = cursor.fetchall()16 17 conn.commit()18 cursor.close()19 conn.close()
註:在fetch資料時按照順序進行,可以使用cursor.scroll(num,mode)來移動遊標位置,如:
3.sql注入
無需使用者名稱和密碼就可以實現對資料庫進行插入操作
1 conn = pymysql.connect(host=‘127.0.0.1‘, port=3306, user=‘root‘, passwd=‘123‘, db=‘t1‘) 2 #正常應採用以下的方式,不會出現安全問題 3 cursor.execute(‘select username,password from userinfo where username=%s and password=%s‘,(‘alex‘,123)) 4 result = cursor.fetchone() 5 print(result) 6 7 #字串拼接會出現安全問題 8 #可正常執行: 9 sql = ‘select username,password from userinfo where username="%s" and password="%s"‘10 sql = sql %(‘alex‘,123)11 cursor.execute(sql)12 result = cursor.fetchone()13 print(result)14 15 #不能執行16 sql = ‘select username,password from userinfo where username="%s" and password="%s"‘
17 sql = sql %(‘alex‘,1236)18 cursor.execute(sql)19 result = cursor.fetchone()20 print(result)21 22 #可正常執行:即密碼錯誤也能取到資料23 sql = ‘select username,password from userinfo where username="%s" and password="%s"‘
24 sql = sql %(‘alex‘‘ -- ‘,1236) #‘select username,password from userinfo where username="alex‘‘ -- " and password="%s"‘ 後面的就注釋掉
#sql = sql %(‘alex‘‘ or 1=1 -- ‘,1236) 即使不存在使用者名稱也成立即命令也能執行25 cursor.execute(sql)26 result = cursor.fetchone()27 print(result)
4.fetch資料類型
關於預設擷取的資料是元祖類型,如果想要擷取字典類型的資料,即:
1 #!/usr/bin/env python 2 # -*- coding:utf-8 -*- 3 import pymysql 4 5 conn = pymysql.connect(host=‘127.0.0.1‘, port=3306, user=‘root‘, passwd=‘123‘, db=‘t1‘) 6 7 # 遊標設定為字典類型 8 cursor = conn.cursor(cursor=pymysql.cursors.DictCursor) 9
10 11 result = cursor.fetchone()12 13 conn.commit()14 cursor.close()15 conn.close()
5.擷取新建立資料自增ID
1 #!/usr/bin/env python 2 # -*- coding:utf-8 -*- 3 import pymysql 4 5 conn = pymysql.connect(host=‘127.0.0.1‘, port=3306, user=‘root‘, passwd=‘123‘, db=‘t1‘) 6 cursor = conn.cursor() 7 cursor.executemany("insert into hosts(host,color_id)values(%s,%s)", [("1.1.1.11",1),("1.1.1.11",2)]) 8 conn.commit() 9 cursor.close()10 conn.close()11 12 # 擷取最新自增ID13 new_id = cursor.lastrowid
python基礎篇-python操作mysql
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
