MySQL >>> Python Code

Operating MySQL from Python code

# Install the pymysql module
import pymysql

conn = pymysql.connect(  # connect
    host='localhost',
    user='root',
    password='123',
    database='Egon',
    charset='utf8'  # note: utf8, not utf-8 (no hyphen)
)
# Option 1:
cursor = conn.cursor()  # create a cursor; result sets are returned as tuples by default
# Option 2:
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)  # return rows as dictionaries
                                  # key is the column name, value is the row's data for that column

# 3. pymysql database operations
# Execute an SQL statement
user = input(">>>: ").strip()
pwd = input(">>>: ").strip()
sql = 'select * from UserInfo where name="%s" and password="%s"' % (user, pwd)  # note: %s needs quotes here
rows = cursor.execute(sql)  # execute the SQL statement; the return value is the number of rows the query matched
# Fetch the actual data; like reading from a pipe: one row, all rows, several rows
cursor.fetchone(), cursor.fetchall(), cursor.fetchmany()
cursor.scroll(1, 'relative')  # relative move: skip one row forward from the current position
cursor.scroll(3, 'absolute')  # absolute move: move three rows forward from the start of the result set
# scroll raises IndexError if the target position is outside the result set
cursor.close()
conn.close()

 SQL injection problems

   Do not build the SQL query by splicing strings together by hand!!!

     SQL injection: using symbols that have a special meaning in SQL, such as comment markers, to make the statement do something it was not meant to do.
    After writing an SQL statement, do not splice the critical data into it by hand;
    pass the data to execute and let it do the substitution for you.

username = input(">>>: ").strip()
password = input(">>>: ").strip()
sql = "select * from user where username='%s' and password='%s'" % (username, password)
# Username is correct
# username >>>: jason' -- jjsakfjjdkjjkjs
# Neither username nor password is correct
# username >>>: xxx' or 1=1 --asdjkdklqwjdjkjasdljad
# password >>>: ''

#### CRUD
# Insert
sql = "insert into user(username,password) values(%s,%s)"
rows = cursor.execute(sql, ('jason', '123'))
# Update
sql = "update user set username='jasonDSB' where id=1"
rows = cursor.execute(sql)
"""
Inserts and updates run with execute alone do not really change the data; you must call conn.commit() for the insert or update to actually take effect.
So you can set the connection parameter autocommit=True to have changes committed automatically.
"""

# username = input('username >>>: ')
# password = input('password >>>: ')
# sql = "select * from user where name=%s and password=%s"
# print(sql)
# res = cursor.execute(sql, (username, password))   # execute escapes special symbols for you, which avoids the SQL injection problem
#       # execute finds the %s positions in the SQL statement and does the substitution for you; it only recognizes %s
# if res:
#     print(cursor.fetchall())
# else:
#     print('wrong username or password')
# Insert multiple rows: res = cursor.executemany(sql,
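
Added example (not part of the original post): the spliced login query and the parameterized one, run side by side on the inputs shown above. It uses Python's built-in sqlite3 with a constructed in-memory user table in place of MySQL so that it runs without a server; sqlite3 writes placeholders as ? where pymysql uses %s. The function names are hypothetical.

```python
import sqlite3

def make_db():
    """Build an in-memory user table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user(id integer primary key, username text, password text)")
    conn.execute("insert into user(username, password) values(?, ?)", ("jason", "123"))
    conn.commit()
    return conn

def login_spliced(conn, username, password):
    """The pattern the page warns against: input is formatted into the SQL text."""
    sql = "select * from user where username='%s' and password='%s'" % (username, password)
    return conn.execute(sql).fetchall()

def login_parameterized(conn, username, password):
    """Input is passed separately, so the driver treats it as data, never as SQL."""
    sql = "select * from user where username=? and password=?"  # pymysql: %s, unquoted
    return conn.execute(sql, (username, password)).fetchall()

# One legitimate login, then the two inputs from the page (passwords constructed).
CASES = [
    ("jason", "123"),
    ("jason' -- jjsakfjjdkjjkjs", "wrong"),
    ("xxx' or 1=1 --asdjkdklqwjdjkjasdljad", ""),
]

def run_cases():
    """Return (spliced_logged_in, parameterized_logged_in) for each case."""
    conn = make_db()
    results = []
    for username, password in CASES:
        spliced = bool(login_spliced(conn, username, password))
        safe = bool(login_parameterized(conn, username, password))
        results.append((spliced, safe))
    conn.close()
    return results

if __name__ == "__main__":
    for (username, _), (spliced, safe) in zip(CASES, run_cases()):
        print(f"{username!r:45} spliced={spliced} parameterized={safe}")
```

Only the legitimate login succeeds through the parameterized query; the spliced query accepts all three.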

 


Origin www.cnblogs.com/pupy/p/11402132.html