python之路-Pymysql

pip3 install pymysql

一、執行SQL

 1 #!/usr/bin/env pytho
 2 # -*- coding:utf-8 -*-
 3 import pymysql
 4   
 5 # 建立鏈接
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1', charset='utf8')
 7 # 建立遊標
 8 cursor = conn.cursor()
 9   
10 # 執行SQL，並返回收影響行數
11 effect_row = cursor.execute("select * from tb7")
12   
13 # 執行SQL，並返回受影響行數
14 #effect_row = cursor.execute("update tb7 set pass = '123' where nid = %s", (11,))
15   
16 # 執行SQL，並返回受影響行數,執行屢次
17 #effect_row = cursor.executemany("insert into tb7(user,pass,licnese)values(%s,%s,%s)", [("u1","u1pass","11111"),("u2","u2pass","22222")])
18   
19   
20 # 提交，否則沒法保存新建或者修改的數據
21 conn.commit()
22   
23 # 關閉遊標
24 cursor.close()
25 # 關閉鏈接
26 conn.close()

View Code

注意：存在中文的時候，鏈接須要添加charset='utf8'，不然中文顯示亂碼。

二、獲取查詢數據

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4 import pymysql
 5  
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 7 cursor = conn.cursor()
 8 cursor.execute("select * from tb7")
 9  
10 # 獲取剩餘結果的第一行數據
11 row_1 = cursor.fetchone()
12 print row_1
13 # 獲取剩餘結果前n行數據
14 # row_2 = cursor.fetchmany(3)
15  
16 # 獲取剩餘結果全部數據
17 # row_3 = cursor.fetchall()
18  
19 conn.commit()
20 cursor.close()
21 conn.close()

View Code

三、獲取新建立數據自增ID

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4 import pymysql
 5  
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 7 cursor = conn.cursor()
 8 effect_row = cursor.executemany("insert into tb7(user,pass,licnese)values(%s,%s,%s)", [("u3","u3pass","11113"),("u4","u4pass","22224")])
 9 conn.commit()
10 cursor.close()
11 conn.close()
12 #獲取自增id
13 new_id = cursor.lastrowid      
14 print new_id

View Code

四、移動遊標

操做都是靠遊標，那對遊標的控制也是必須的

1 注：在fetch數據時按照順序進行，可使用cursor.scroll(num,mode)來移動遊標位置，如：
2  
3 cursor.scroll(1,mode='relative') # 相對當前位置移動

View Code

五、fetch數據類型

關於默認獲取的數據是元祖類型，若是想要或者字典類型的數據，即：

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4 import pymysql
 5  
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 7 #遊標設置爲字典類型
 8 cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
 9 cursor.execute("select * from tb7")
10  
11 row_1 = cursor.fetchone()
12 print row_1　　#{u'licnese': 213, u'user': '123', u'nid': 10, u'pass': '213'}
13  
14 conn.commit()
15 cursor.close()
16 conn.close()

View Code

六、調用存儲過程

a、調用無參存儲過程

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4  
 5 import pymysql
 6  
 7 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 8 #遊標設置爲字典類型
 9 cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
10 #無參數存儲過程
11 cursor.callproc('p2')  #等價於cursor.execute("call p2()")
12  
13 row_1 = cursor.fetchone()
14 print row_1
15  
16  
17 conn.commit()
18 cursor.close()
19 conn.close()

View Code

b、調用有參存儲過程

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4  
 5 import pymysql
 6  
 7 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 8 cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
 9  
10 cursor.callproc('p1', args=(1, 22, 3, 4))
11 #獲取執行完存儲的參數,參數@開頭
12 cursor.execute("select @p1,@_p1_1,@_p1_2,@_p1_3")  #{u'@_p1_1': 22, u'@p1': None, u'@_p1_2': 103, u'@_p1_3': 24}
13 row_1 = cursor.fetchone()
14 print row_1
15  
16  
17 conn.commit()
18 cursor.close()
19 conn.close()

View Code

3、關於pymysql防注入

 一、字符串拼接查詢，形成注入

正常查詢語句：

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4 import pymysql
 5  
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 7 cursor = conn.cursor()
 8 user="u1"
 9 passwd="u1pass"
10 #正常構造語句的狀況
11 sql="select user,pass from tb7 where user='%s' and pass='%s'" % (user,passwd)
12 #sql=select user,pass from tb7 where user='u1' and pass='u1pass'
13 row_count=cursor.execute(sql) row_1 = cursor.fetchone()
14 print row_count,row_1
15  
16 conn.commit()
17 cursor.close()
18 conn.close()

View Code

構造注入語句：

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4 import pymysql
 5  
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 7 cursor = conn.cursor()
 8  
 9 user="u1' or '1'-- "
10 passwd="u1pass"
11 sql="select user,pass from tb7 where user='%s' and pass='%s'" % (user,passwd)
12  
13 #拼接語句被構形成下面這樣，永真條件，此時就注入成功了。所以要避免這種狀況需使用pymysql提供的參數化查詢。
14 #select user,pass from tb7 where user='u1' or '1'-- ' and pass='u1pass'
15  
16 row_count=cursor.execute(sql)
17 row_1 = cursor.fetchone()
18 print row_count,row_1
19  
20  
21 conn.commit()
22 cursor.close()
23 conn.close()

View Code

 二、避免注入，使用pymysql提供的參數化語句

正常參數化查詢

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4  
 5 import pymysql
 6  
 7 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 8 cursor = conn.cursor()
 9 user="u1"
10 passwd="u1pass"
11 #執行參數化查詢
12 row_count=cursor.execute("select user,pass from tb7 where user=%s and pass=%s",(user,passwd))
13 row_1 = cursor.fetchone()
14 print row_count,row_1
15  
16 conn.commit()
17 cursor.close()
18 conn.close()

View Code

構造注入，參數化查詢注入失敗。

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4 import pymysql
 5  
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 7 cursor = conn.cursor()
 8  
 9 user="u1' or '1'-- "
10 passwd="u1pass"
11 #執行參數化查詢
12 row_count=cursor.execute("select user,pass from tb7 where user=%s and pass=%s",(user,passwd))
13 #內部執行參數化生成的SQL語句，對特殊字符進行了加\轉義，避免注入語句生成。
14 # sql=cursor.mogrify("select user,pass from tb7 where user=%s and pass=%s",(user,passwd))
15 # print sql
16 #select user,pass from tb7 where user='u1\' or \'1\'-- ' and pass='u1pass'被轉義的語句。
17  
18 row_1 = cursor.fetchone()
19 print row_count,row_1
20  
21 conn.commit()
22 cursor.close()
23 conn.close()

View Code

結論：excute執行SQL語句的時候，必須使用參數化的方式，不然必然產生SQL注入漏洞。

三、使用存mysql儲過程動態執行SQL防注入

使用MYSQL存儲過程自動提供防注入，動態傳入SQL到存儲過程執行語句。

 1 delimiter \\
 2 DROP PROCEDURE IF EXISTS proc_sql \\
 3 CREATE PROCEDURE proc_sql (
 4   in nid1 INT,
 5   in nid2 INT,
 6   in callsql VARCHAR(255)
 7   )
 8 BEGIN
 9   set @nid1 = nid1;
10   set @nid2 = nid2;
11   set @callsql = callsql;
12     PREPARE myprod FROM @callsql;
13 --   PREPARE prod FROM 'select * from tb2 where nid>? and nid<?';  傳入的值爲字符串，？爲佔位符
14 --   用@p1，和@p2填充佔位符
15     EXECUTE myprod USING @nid1,@nid2;
16   DEALLOCATE prepare myprod;
17  
18 END\\
19 delimiter ;

View Code

1 set @nid1=12;
2 set @nid2=15;
3 set @callsql = 'select * from tb7 where nid>? and nid<?';
4 CALL proc_sql(@nid1,@nid2,@callsql)

View Code

pymsql中調用

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4 import pymysql
 5  
 6 conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1')
 7 cursor = conn.cursor()
 8 mysql="select * from tb7 where nid>? and nid<?"
 9 cursor.callproc('proc_sql', args=(11, 15, mysql))
10  
11 rows = cursor.fetchall()
12 print rows #((12, 'u1', 'u1pass', 11111), (13, 'u2', 'u2pass', 22222), (14, 'u3', 'u3pass', 11113))
13 conn.commit()
14 cursor.close()
15 conn.close()

View Code

4、使用with簡化鏈接過程

每次都鏈接關閉很麻煩，使用上下文管理，簡化鏈接過程

 1 #! /usr/bin/env python
 2 # -*- coding:utf-8 -*-
 3 # __author__ = "TKQ"
 4  
 5 import pymysql
 6 import contextlib
 7 #定義上下文管理器，鏈接後自動關閉鏈接
 8 @contextlib.contextmanager
 9 def mysql(host='127.0.0.1', port=3306, user='root', passwd='', db='tkq1',charset='utf8'):
10   conn = pymysql.connect(host=host, port=port, user=user, passwd=passwd, db=db, charset=charset)
11   cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
12   try:
13     yield cursor
14   finally:
15     conn.commit()
16     cursor.close()
17     conn.close()
18  
19 # 執行sql
20 with mysql() as cursor:
21   print(cursor)
22   row_count = cursor.execute("select * from tb7")
23   row_1 = cursor.fetchone()
24   print row_count, row_1

View Code