1、Navicat
在生產環境中操做MySQL數據庫仍是推薦使用命令行工具mysql,但在咱們本身開發測試時,
能夠使用可視化工具Navicat,以圖形界面的形式操做MySQL數據庫
官網下載:https://www.navicat.com/en/products/navicat-for-mysql
網盤下載:https://pan.baidu.com/s/1bpo5mqj
連接:https://pan.baidu.com/s/1Hu-x0mPuSW3g9CxNFlnAng 密碼:pqe5
# 打開 雙擊:
# D:\navicatformysql\Navicat for MySQL\navicat
須要掌握的基本操做
掌握:
#1. 測試+連接數據庫
#2. 新建庫
#3. 新建表,新增字段+類型+約束
#4. 設計表:外鍵
#5. 新建查詢
#6. 備份庫/表
注意:
批量加註釋:ctrl+?鍵
批量去註釋:ctrl+shift+?鍵
2、pymysql模塊
介紹:
前提:
# -*- coding:utf-8 -*-
"""
Login check against MySQL -- the deliberately vulnerable "before" example.

Port: 3306
ip: 10.10.32.107
mysql -uroot -p123 -h 10.10.32.107
"""
import pymysql

# Both values are typed in by the user, so they are untrusted input.
name = input('user>>>:').strip()  # e.g. egon1
password = input('password>>>:').strip()  # e.g. 123

# Open the connection.
# NOTE(review): root with a hard-coded password is a lab setup; outside a
# tutorial, connect with a least-privileged account whose credentials are
# loaded from configuration rather than from the source file.
conn = pymysql.connect(
    host='10.10.32.107',
    port=3306,
    user='root',
    password='123',
    db='egon',
    charset='utf8',
)

# Get a cursor.
cursor = conn.cursor()

# INTENTIONALLY VULNERABLE: the user's text is formatted into the statement
# itself, so quote characters in `name` or `password` change the structure of
# the query. This listing is kept as-is because the SQL-injection section that
# follows it on the page is demonstrated against exactly this code; the
# parameterized replacement is the execute(sql, (name, password)) form.
# NOTE(review): the table also stores and compares passwords in clear text; a
# real login stores a salted password hash and verifies it in application code.
template = 'select * from userinfo where name= "%s" and password = "%s"'
sql = template % (name, password)
rows = cursor.execute(sql)  # number of matching rows
print(rows)

# Release the cursor and the connection.
cursor.close()
conn.close()

# Any matching row counts as a successful login.
print('登陸成功' if rows else '登陸失敗')
SQL注入:
注意:符號--會註釋掉它以後的sql,正確的語法:--後至少有一個任意字符
一、sql注入之:用戶存在,繞過密碼
egon' -- 任意字符
二、sql注入之:用戶不存在,繞過用戶與密碼
xxx' or 1=1 -- 任意字符
解決方法
# Before: the statement was assembled by string formatting, so whatever the
# user typed became part of the SQL text itself.
# sql="select * from userinfo where name='%s' and password='%s'" %(user,pwd)
# print(sql)
# res=cursor.execute(sql)

# After: pass the values to execute() separately and let pymysql substitute
# them. The %s placeholders must NOT be wrapped in quotes -- pymysql escapes
# each value and adds the quotes itself.
sql = "select * from userinfo where name=%s and password=%s"

# With the values bound this way, quote characters in the input stay data and
# cannot alter the statement.
# NOTE(review): placeholders bind values only. Table and column names cannot be
# passed this way; if one ever has to vary, pick it from a fixed allow-list.
res = cursor.execute(sql, (user, pwd))
# -*- coding:utf-8 -*-
# Listing caption on the original page: SQL injection.
# Login check, parameterized version: the fix for the string-formatted query.
import pymysql

# Untrusted input from the keyboard.
name = input('name>>>:').strip()
password = input('password>>>:').strip()

# NOTE(review): root with a hard-coded password is a lab setup; use a
# least-privileged account and externally supplied credentials elsewhere.
conn = pymysql.connect(
    host='10.10.32.107',
    port=3306,
    user='root',
    password='123',
    db='egon',
    charset='utf8',
)
cursor = conn.cursor()

# Vulnerable form, kept only for comparison:
# sql = 'select * from userinfo where name = "%s" and password = "%s"'%(name,password)
# rows = cursor.execute(sql)

# Safe form: unquoted %s placeholders, values handed to execute() separately.
sql = 'select * from userinfo where name=%s and password = %s'
params = (name, password)
rows = cursor.execute(sql, params)  # returns the number of rows affected/matched
print(sql)  # prints the template only; the bound values are not part of it
print(rows)

cursor.close()
conn.close()

if not rows:
    print('登陸失敗')
else:
    print('登陸成功')

# Recorded runs of the vulnerable (commented-out) form above, showing why it
# was replaced.
#
# Run 1 -- a known account name is supplied; "--" comments out the rest of the
# statement, so only the name is checked and the password test never runs:
#   name>>>:egon1" -- x
#   password>>>:
#   select * from userinfo where name = "egon1" -- x" and password = ""
#   1
#   登陸成功
#
# Run 2 -- neither a valid account nor a password is supplied, yet every row
# matches:
#   name>>>:xxx" or 1=1 -- xxx
#   password>>>:
#   select * from userinfo where name = "xxx" or 1=1 -- xxx" and password = ""
#   3
#   登陸成功
#
# Fix:
#   sql = 'select * from userinfo where name=%s and password = %s'
#   rows = cursor.execute(sql,(name,password))
3、pymysql模塊中增刪改查
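# Quick reference: insert / delete / update / select with pymysql.
# Assumes `conn` and `cursor` were created as in the listings above.
# Every value goes through a %s placeholder; none is formatted into the SQL.

# --- Insert ---
sql = 'insert into userinfo(name,password) values(%s,%s)'
rows = cursor.execute(sql, ('lily', '123'))
conn.commit()  # nothing reaches the database until commit() is called

# Bulk insert: one parameter tuple per row.
rows = cursor.executemany(sql, [('alice4', '123'), ('alice5', '123'), ('alice6', '123')])
conn.commit()  # the bulk insert needs its own commit as well
print(cursor.lastrowid)  # original note: shows where the id stood before this insert

# --- Delete ---
sql = 'delete from userinfo where name = %s'
# ('alice5') is just a parenthesised string; a one-element tuple needs the
# trailing comma.
rows = cursor.execute(sql, ('alice5',))
conn.commit()

# --- Update ---
sql = 'update userinfo set name = %s where id = %s '
rows = cursor.execute(sql, ('abcd', 2))
conn.commit()

# --- Select ---
sql = 'select * from userinfo'

# Default cursor: each row comes back as a tuple.
cursor = conn.cursor()
rows = cursor.execute(sql)
print(cursor.fetchone())
print(cursor.fetchmany(3))
print(cursor.fetchall())
print(cursor.fetchone())  # None -- the result set is exhausted
# Sample result:
# ((1, 'aaabbb', '123'), (2, 'abcd', '456'), (3, 'egon3', '789'))

# DictCursor: each row comes back as a dict keyed by column name.
cursor = conn.cursor(pymysql.cursors.DictCursor)
rows = cursor.execute(sql)
cursor.fetchone()
cursor.fetchmany(2)
cursor.fetchall()
# Sample result:
# [{'id': 3, 'name': 'egon3', 'password': '789'}, {'id': 6, 'name': 'alice', 'password': '123'}]

# Moving the cursor within the result set: absolute vs. relative.
rows = cursor.execute(sql)
print(cursor.fetchone())
cursor.scroll(5, 'absolute')
# cursor.scroll(5,'relative')
print(cursor.fetchmany(2))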
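# Two independent example scripts: first insert/update, then query.
import pymysql

# ---------------------------------------------------------------------------
# Script 1: insert / delete / update
# ---------------------------------------------------------------------------

# Open the connection.
# NOTE(review): root with a hard-coded password is a lab setup; use a
# least-privileged account and externally supplied credentials elsewhere.
conn = pymysql.connect(
    host='10.10.32.107',
    port=3306,
    user='root',
    password='123',
    db='db9',
    charset='utf8'
)
try:
    # Get a cursor.
    cursor = conn.cursor()
    try:
        # Insert
        sql = 'insert into userinfo(user, pwd) values(%s, %s)'
        # rows = cursor.execute(sql,('wxx','123'))
        # print(rows)
        # rows = cursor.executemany(sql,[('yxx','123'),('egon1','111')])  # insert several rows
        # print(rows)
        rows = cursor.executemany(sql, [('egon2', '123'), ('egon3', '111')])
        print(cursor.lastrowid)  # see where the id column has got to

        # Delete
        # sql = 'truncate table userinfo'
        # rows = cursor.execute(sql)

        # Update: bind the values instead of writing them into the statement.
        # pwd is inserted as a string above; comparing it with the bare number
        # 123 makes MySQL convert the stored strings to numbers, so a value
        # such as '123abc' would match as well.
        sql = 'update userinfo set user = %s where pwd = %s'
        rows = cursor.execute(sql, ('yxw', '123'))

        conn.commit()  # nothing is written until the transaction is committed
    finally:
        cursor.close()
finally:
    # Close the connection even if a statement above raised.
    conn.close()

# ---------------------------------------------------------------------------
# Script 2: query
# ---------------------------------------------------------------------------
import pymysql

conn = pymysql.connect(
    host='192.168.1.102',
    port=3306,
    user="root",
    password='123',
    db='egon',
    charset='utf8'
)
try:
    cursor = conn.cursor()
    # cursor = conn.cursor(pymysql.cursors.DictCursor)
    try:
        sql = 'select * from userinfo'
        # execute() returns the number of rows and keeps the result set on the
        # cursor until it is fetched.
        rows = cursor.execute(sql)
        print(rows)

        # print(cursor.fetchone())
        # print(cursor.fetchone())
        # print(cursor.fetchmany(2))
        # print(cursor.fetchall())
        # print(cursor.fetchone())  # None

        print(cursor.fetchone())
        # NOTE(review): scroll() can raise when the target row lies outside
        # the result set; the finally blocks still release the connection.
        cursor.scroll(5, 'absolute')
        # cursor.scroll(5,'relative')
        print(cursor.fetchmany(2))
    finally:
        cursor.close()
finally:
    conn.close()

if rows:
    print('操做成功')
else:
    print('失敗')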