from pymysql import *
def main():
# 创建Connextion连接
conn = connect(host='localhost', port=3306, user='root', password='', database='test', charset='utf8')
# 获取Cursor对象
cursor = conn.cursor()
param = "' or 1 = 1 or '1"
sql = "select * from users where username = '%s'" % (param,)
count = cursor.execute(sql)
print(count)
# 结果是2 获取到数据库所有记录
print(cursor.fetchall())
# ((1, '张三', '男', 10), (2, '李四', '男', 10))
count1 = cursor.execute("select * from users where username = %s", param)
print(count1)
# 结果是0
if __name__ == '__main__':
main()