首页 > 数据库技术 > 详细

python19 操作mysql

时间:2020-04-10 21:57:37      阅读:79      评论:0      收藏:0      [点我收藏+]

connect 模块下载

https://dev.mysql.com/downloads/connector/python/

 

技术分享图片

import mysql.connector
con = mysql.connector.connect(
    host = "192.168.111.153",
    port = "3306",
    user = "quan",
    password = "2004",
    database = "mon"
)


con.close()

 

 

 

 技术分享图片

 

 

import mysql.connector
config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}


con = mysql.connector.connect(**config)

 

技术分享图片

 

 

import mysql.connector
config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}


con = mysql.connector.connect(**config)

cursor = con.cursor()
sql = "SELECT id,classname FROM class;"
cursor.execute(sql)
for one in cursor:
    print(type(one))
    print(one[0],one[1])

sql2 = "SHOW TABLES"
cursor.execute(sql2)
for i in cursor:
    print(i)



结果;
<class tuple>
1 dada
<class tuple>
2 jave
<class tuple>
4 py
(ALT,)
(class,)
(class_type,)
(fa,)
(father,)
(joson,)
(nu,)
(numm,)
(nummm,)
(provices,)
(qqq,)
(son,)
(ss,)
(tp3,)
(tp4,)
(tp5,)
(tp6,)
(user,)

 

实现sql注入;

 

SQL Injection:就是通过把SQL命令插入到Web表单递交或输入域名或页面请求的查询字符串,最终达到欺骗服务器执行恶意的SQL命令。 

具体来说,它是利用现有应用程序,将(恶意)的SQL命令注入到后台数据库引擎执行的能力,它可以通过在Web表单中输入(恶意)SQL语句得到一个存在安全漏洞的网站上的数据库,而不是按照设计者意图去执行SQL语句。

防止:

1.永远不要信任用户的输入,要对用户的输入进行校验,可以通过正则表达式,或限制长度,对单引号和双"-"进行转换等。 

2.永远不要使用动态拼装SQL,可以使用参数化的SQL或者直接使用存储过程进行数据查询存取。 

3.永远不要使用管理员权限的数据库连接,为每个应用使用单独的权限有限的数据库连接。 

4.不要把机密信息明文存放,请加密或者hash掉密码和敏感的信息。

5.应用的异常信息应该给出尽可能少的提示,最好使用自定义的错误信息对原始错误信息进行包装,把异常信息存放在独立的表中。
import mysql.connector
config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}
con = mysql.connector.connect(**config)
ID = "1 OR 1 = 1"
CN = "1 OR 1 = 1"
sql = "SELECT COUNT(*) FROM class WHERE id ="+ID+" AND classname = "+CN;
cursor = con.cursor()
cursor.execute(sql)
print(cursor.fetchone()[0])
con.close()

结果:
3

技术分享图片

 

 技术分享图片

 

 技术分享图片

 

 

编译成二进制还不能执行,需要传入参数
传入参数之后二进制再进行执行,提高效率,不需要再分析磁盘这些步骤

输入的所有参数都是认为是字符串处理,不在分析,

 

技术分享图片

 

 

import mysql.connector
config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}
con = mysql.connector.connect(**config)
ID = "1 OR 1 = 1"
CN = "1 OR 1 = 1"
sql = "SELECT COUNT(*) FROM class WHERE id =%s AND classname = %s ";
cursor = con.cursor()
cursor.execute(sql,(ID,CN))#这里并没有给sql直接传入参数,而是让sql先编译成二进制再传入参数
print(cursor.fetchone()[0])
con.close()


结果:
0

技术分享图片

 

 

con.commit()用于提交事务,connector不会为你自己提交
con.rollback()回滚事务

 

技术分享图片

 

 

con in dir()判断con变量是否创建

 

import  mysql.connector


try:
    con = mysql.connector.connect(
        host="192.168.111.153",
        port="3306",
        user="quan",
        password="2004",
        database="mon"
    )
    con.start_transaction()#开启事务
    cursor = con.cursor()#创建游标
    sql = "INSERT INTO class(classname) VALUES (%s)"
    cursor.execute(sql,("QQQQ",))

    con.commit()
except Exception as e:
    if "con" in dir():
        con.rollback()
    print(e)
finally:
    if "con" in dir():
        con.close()

结果:

技术分享图片

 

 

import  mysql.connector


try:
    con = mysql.connector.connect(
        host="192.168.111.153",
        port="3306",
        user="quan",
        password="2004",
        database="mon"
    )
    con.start_transaction()#开启事务
    cursor = con.cursor()#创建游标
    sql = "DELETE FROM class WHERE id = %s"
    cursor.execute(sql,(9,))

    con.commit()
except Exception as e:
    if "con" in dir():
        con.rollback()
    print(e)
finally:
    if "con" in dir():
        con.close()

 

 

技术分享图片

 

 

技术分享图片

 

 技术分享图片

 

 技术分享图片

 

 

import mysql.connector.pooling


config = {
    "host":"192.168.111.153",
    "port":"3306",
    "user":"quan",
    "password":"2004",
    "database":"mon"
}
try:
    pool = mysql.connector.pooling.MySQLConnectionPool(
        **config,
        pool_size = 10
    )
    #因为连接池里面的连接不需要关闭,所以这里不用使用finaly
    con = pool.get_connection()
    con.start_transaction()
    cursor = con.cursor()
    sql = "UPDATE class SET classname = %s WHERE id = %s"
    cursor.execute(sql,("javagai",2))
    con.commit()
except Exception as e:
    if "con" in dir():
        con.rollback()
    print(e)

技术分享图片

 

 

import mysql.connector.pooling


config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}
try:
    pool = mysql.connector.pooling.MySQLConnectionPool(
        **config,
        pool_size = 10
    )
    con = pool.get_connection()
    con.start_transaction()

    cursor = con.cursor()
    sql = "DELETE class,user FROM class LEFT JOIN user ON class.id = user.cid "
    cursor.execute(sql)

    con.commit()

except Exception as e:
    if "con" in dir():
        con.rollback()
    print(e)

结果:

技术分享图片

 

 

 技术分享图片

 

 

 技术分享图片

 

 

 

import mysql.connector.pooling

config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}
try:
    pool = mysql.connector.pooling.MySQLConnectionPool(
        **config,
        pool_size=10
    )
    con = pool.get_connection()
    con.start_transaction()
    cursor = con.cursor()
    sql = "INSERT INTO class VALUES (%s ,%s)"
    sql_list = [[1,"QQQ"],[2,"ZZZ"],[3,"QQQ"]]
    cursor.executemany(sql,sql_list)

    con.commit()

except Exception as e:
    if "con" in dir():
        con.rollback()
    print(e)

结果;

技术分享图片

 

 

 

 

 

实践111111111111111
将class_type表里面pid大于平均pid的信息导入到class_type_new里面,并将信息里面的name改为END

 

技术分享图片

 

 

import mysql.connector.pooling


config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}
try:
    pool = mysql.connector.pooling.MySQLConnectionPool(
        **config,
        pool_size=10
    )
    con = pool.get_connection()
    con.start_transaction()

    cursor = con.cursor()
    sql = "DROP TABLE  class_type_new"
    cursor.execute(sql)
    #创建的新表
    sql = "CREATE TABLE class_type_new LIKE class_type"
    cursor.execute(sql)
    #获取平均id
    sql = "SELECT AVG(pid) AS avg FROM class_type"
    cursor.execute(sql)
    temp = cursor.fetchone()
    avg = temp[0]#平均id保存到变量
    #查找大于平均id的id
    sql = "SELECT id FROM class_type WHERE pid >=%s "
    cursor.execute(sql,(avg,))
    temp1 = cursor.fetchall()#结果保留到变量[(5,), (6,), (7,), (8,), (9,), (10,)]
    #将原来表里面符合平均id的复制到新表
    do_id = ""
    for num in range(len(temp1)):
        id = str(temp1[num][0])
        if num != len(temp1) - 1:
            id = id + ","
        do_id += id
    sql = "INSERT INTO class_type_new SELECT * FROM  class_type WHERE id IN (" + do_id +")"
    cursor.execute(sql)
    #将原来的表删除
    sql = "DELETE FROM class_type WHERE  id IN (" + do_id + ")"
    cursor.execute(sql)
    #将软来的name改为END
    sql = "UPDATE class_type_new SET name = %s"
    cursor.execute(sql,("END",))
    con.commit()
except Exception as e:
    if "con" in dir():
        con.rollback()
    print(e)

 

结果:

技术分享图片

 

 技术分享图片

 

 

 

 

 

 

实践22222222
往class_type_new里面加入两组数据,其中 id 为最大id+10

 

 

技术分享图片

 

 

不能再本表查询结果作为本表插入数据

技术分享图片

 

 

import mysql.connector.pooling


config = {
    "host":"192.168.111.153",
    "port":3306,
    "user":"quan",
    "password":"2004",
    "database":"mon"
}

try:
    pool = mysql.connector.pooling.MySQLConnectionPool(
        **config,
        pool_size=10
    )
    con = pool.get_connection()
    con.start_transaction()
    sql = "INSERT INTO class_type_new ("           "SELECT MAX(id) + 10,%s,%s FROM class_type_new) UNION "           "(SELECT MAX(id) + 20,%s,%s FROM class_type_new)"
    cursor = con.cursor()
    cursor.execute(sql,("DD",8,"EE",9))
    con.commit()

except Exception as e:
    if "con" in dir():
        con.rollback()
    print(e)

结果:

技术分享图片

 

python19 操作mysql

原文:https://www.cnblogs.com/betterquan/p/12652375.html

(0)
(0)
   
举报
评论 一句话评论(0
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!