python 连接 mysql 数据库

#需要导入pymysql模块

import pymysql

# Open a connection to the local MySQL server.
# NOTE(review): this logs in as root, which has full privileges on the
# server; an account restricted to user_db is the safer choice for
# application code.
conn = pymysql.connect(
    database='user_db',  # the database to use must be given
    charset='utf8',  # the charset must be given as well
    host='127.0.0.1',
    port=3306,
    user='root',
    password='*****',  # presumably a masked placeholder
)
# DictCursor returns each row as a dict; the default cursor returns tuples.
cursor = conn.cursor(pymysql.cursors.DictCursor)


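# Run a query and read the result set in three different ways.
sql = 'select * from user_db'  # the SQL statement to execute
cursor.execute(sql)

print(cursor.fetchone())  # fetch one row
print(cursor.fetchmany(5))  # argument: how many rows to fetch
print(cursor.fetchall())  # fetch all remaining rows
# Note: fetching moves a position marker through the result set, much like
# the read position in a file. It can be moved with
#     cursor.scroll(1, 'relative')
#     cursor.scroll(1, 'absolute')
# 'absolute' counts from the start of the result set, 'relative' counts
# from the current position.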


***************sql注入的问题*******************
攻击者在输入中加入特殊符号(引号、注释符等),改变 sql 语句的结构,从而欺骗数据库:
select * from user_db where name = 'lqw' -- dadadada
#知道用户名时,校验密码的部分被 -- 注释掉了,不需要密码就直接登录成功
select * from user_db where name = 'add ' or 1 = 1 -- dada
#不知道用户名时,利用 or:只要有一个条件成立即可,而 1 = 1 恒成立,同样可以进入
解决办法:关键、敏感的数据不要自己拼接进 sql 字符串,而是作为参数传给 execute,由 pymysql 负责转义。
import pymysql

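# The connection arguments are elided in this example; the database to use
# must be among them.
conn = pymysql.connect(...)  # placeholder: fill in the connection arguments

cursor = conn.cursor()
# The %s placeholders are left unquoted: pymysql escapes and quotes every
# value it substitutes, so wrapping %s in quotes would quote the value twice
# and the comparison would no longer match the stored data.
sql = 'select * from user_db where name = %s and password = %s'
# name and password are the values supplied by the user; they are not defined
# in this snippet. Passing them as the second argument, instead of formatting
# them into the string, is what prevents the injection shown above.
# NOTE(review): comparing the password inside the query implies it is stored
# as plaintext; storing a salted hash and verifying it in application code is
# the safer design.
cursor.execute(sql, (name, password))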

******************pymysql的增删改查******************
import pymysql

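# Connection used by the insert/delete/update/select examples below.
# NOTE(review): the root password is hard-coded in the source. Anyone who can
# read this file, or a published copy of it, gets full access to the server.
# Load the secret from the environment or from a config file kept out of
# version control, and prefer an account limited to user_db over root.
conn = pymysql.connect(
    host='127.0.0.1',
    port=3306,
    user='root',
    password='991018',
    db='user_db',
    charset='utf8',
    autocommit=True,  # commit each statement automatically so changes are saved
)
# DictCursor: result rows are returned as dicts.
cursor = conn.cursor(pymysql.cursors.DictCursor)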

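# The commented-out examples below use literal values only. Anything that
# comes from user input must be passed through the args parameter of
# execute/executemany, as the insert example does, and never formatted into
# the SQL string.

# Select
# sql = 'select password from user_db where username ="lqw" ;'
# res = cursor.execute(sql)
# print(res)
# print(type(cursor.fetchone().get("password")))

# Delete
# sql = 'delete from user_db where username ="alex"'
#
# res = cursor.execute(sql)
# print(res)
# sql1 = 'select *from user_db'
# cursor.execute(sql1)
# print(cursor.fetchall())

# Update
# sql12 = 'update user_db set password = "123456" where username = "lqw"'
# res = cursor.execute(sql12)
# print(res)
# print(cursor.fetchone())
# sql1 = 'select *from user_db'
# cursor.execute(sql1)
# print(cursor.fetchall())

# Insert
# The %s placeholders are unquoted; pymysql escapes and quotes each value
# from the argument list before it reaches the server.
# NOTE(review): these examples store passwords as plaintext; a real user
# table should hold a salted password hash instead.
sql = 'insert user_db(username,password) values(%s,%s)'
cursor.executemany(sql, [("tank", "123"), ("hanhan", "123")])
# sql1 = 'select *from user_db'
# cursor.execute(sql1)
# NOTE(review): with the select above commented out, no query result is
# pending here, so this presumably prints an empty result; re-enable the two
# lines above to see the inserted rows.
print(cursor.fetchall())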
 

   #        提提神


永远不要高估自己
原文地址:https://www.cnblogs.com/liqiangwei/p/13875737.html