mysql 与 python 交互
Connector
模块语法:
MySQL Connector
是 mysql 官方的驱动模块,兼容性非常好。下载地址:https://dev.mysql.com/downloads/connector/python/
# coding:utf-8
import mysql.connector
# 创建连接
con = mysql.connector.connect(
host="localhost", port="3306",
user="root", password="123456789",
database="demo"
)
# 关闭连接
con.close()
MySQL Connector
里面的游标(cursor
)用来执行 sql 语句,而且查询的结果集也会保存在游标之中。
# coding:utf-8
import mysql.connector
# 创建连接
con = mysql.connector.connect(
host="localhost", port="3306",
user="root", password="123456789",
database="vega"
)
# 执行sql
cursor = con.cursor()
sql = "SELECT username,password,email,role_id FROM t_user;"
cursor.execute(sql)
for result in cursor:
print(result[0], result[1], result[2], result[3])
# 关闭连接
con.close()
- sql 的注入攻击:
由于 sql 语句是解释型语言,所以在拼接 sql 语句的时候,容易被注入恶意的 sql 语句。
sql 注入攻击示例:
# coding:utf-8
import mysql.connector
config = {
"host": "localhost",
"port": "3306",
"user": "root",
"password": "123456789",
"database": "vega"
}
con = mysql.connector.connect(**