import os

import pymysql
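# Demonstrates why a query assembled with Python string formatting is open to
# SQL injection, next to the parameterized form of the same query.

# The root password is read from the environment instead of being written in
# the source file. MYSQL_PASSWORD is a name chosen for this script, not a
# pymysql convention.
conn = pymysql.connect(
    host='127.0.0.1',
    port=3306,
    user='root',
    passwd=os.environ['MYSQL_PASSWORD'],
    db='test',
    charset='utf8',
)
try:
    # conn.cursor() with no argument returns each row as a tuple; DictCursor
    # returns each row as a dict keyed by column name.
    with conn.cursor(cursor=pymysql.cursors.DictCursor) as cursor:
        # NOTE(review): the query compares the password column directly with
        # the submitted value, which suggests passwords are stored unhashed --
        # confirm against the table definition.
        query = 'select * from userinfo where username=%s and password=%s'

        # UNSAFE (kept as the demonstration): the % operator pastes the values
        # into the SQL text before the driver sees it, so the quote characters
        # and the "--" inside the username value become part of the statement.
        # The printed SQL shows the password condition ending up behind the
        # comment marker. This is how the SQL injection arises.
        sql = query % ('"ljj" or 1=1 --', 123456)
        print(sql)
        cursor.execute(sql)
        result = cursor.fetchone()
        print(result)

        # SAFE: pass the values as the second argument of execute(). pymysql
        # escapes and quotes each one, so the same input is compared as a
        # single username string and cannot change the statement's structure.
        cursor.execute(query, ('"ljj" or 1=1 --', 123456))
        result = cursor.fetchone()
        print(result)
finally:
    # Release the connection even if one of the queries raises.
    conn.close()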