pymysql is a Python module for connecting to and operating on MySQL. Basic pymysql operations:
import pymysql

conn = pymysql.connect(
    host='192.168.247.100',
    port=3306,
    user='root',
    password='123457',
    database='test',
    charset='utf8'
)
# cursor = conn.cursor(pymysql.cursors.DictCursor)  # passing pymysql.cursors.DictCursor returns rows as dicts
cursor = conn.cursor()
sql = "show create table SC;"
ret = cursor.execute(sql)  # returns the number of rows
print(ret)
# print(cursor.fetchall())   # returns all rows as a tuple
# print(cursor.fetchone())   # returns a single row
# print(cursor.fetchmany())  # with no argument, returns one row as a tuple
# print(cursor.fetchmany(3)) # returns 3 rows
# cursor.scroll(2, 'relative')  # moves the cursor; 'absolute' is an absolute position, 'relative' is a relative one
print(cursor.fetchone())

# Apart from queries, inserts, deletes and updates all need a commit
sql = "insert into SC values('lg','lg',80)"
cursor.execute(sql)
conn.commit()  # commit the transaction
sql = 'select * from SC'
cursor.execute(sql)
print(cursor.fetchall())

SQL injection

Scenario: simulate a login that prompts for a username and a password. Code:
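import pymysql

conn = pymysql.connect(
    host='192.168.247.100',
    port=3306,
    user='root',
    password='123457',
    database='test',
    charset='utf8'
)
while True:
    username = input("请输入用户名:")  # prompt: enter username
    password = input("请输入密码:")  # prompt: enter password
    cursor = conn.cursor()
    # The input is formatted straight into the SQL text, which is what makes this code injectable
    sql = "select * from user where username='%s' and password='%s'" % (username, password)
    ret = cursor.execute(sql)  # number of matching rows
    if ret:
        print("登入成功")  # login succeeded
    else:
        print("密码错误,请重新输入")  # wrong password, try again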

The user table:
mysql> select * from user;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 1 | lg | 123 |
| 2 | wx | 456 |
+----+----------+----------+
2 rows in set (0.00 sec)

Demonstration:
1. No password needed:
2. No username needed:
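However, this kind of simple SQL injection can no longer exist in the real world, because SQL statement filtering is basically built in everywhere, or input is restricted so that special characters cannot be used and is filtered.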
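
The login query above built with string formatting, beside a parameterized version, as an added example (not the original page's code). It assumes Python's built-in sqlite3 with an in-memory copy of the user table so it runs without a MySQL server; the function names and the sample input are constructed.

```python
import sqlite3

# Constructed sample input: a password value containing a quote and an OR clause.
CRAFTED_PASSWORD = "x' or '1'='1"

def make_db():
    """In-memory stand-in for the page's user table (same two rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (id integer primary key, username text, password text)")
    conn.executemany("insert into user (username, password) values (?, ?)",
                     [("lg", "123"), ("wx", "456")])
    return conn

def login_formatted(conn, username, password):
    """Same query construction as the page's login loop: input becomes SQL text."""
    sql = "select * from user where username='%s' and password='%s'" % (username, password)
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """Values are bound separately from the statement and never parsed as SQL.
    pymysql equivalent: cursor.execute(
        "select * from user where username=%s and password=%s", (username, password))
    """
    sql = "select * from user where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    conn = make_db()
    for name, pw in [("lg", "123"), ("lg", "wrong"), ("lg", CRAFTED_PASSWORD)]:
        print(repr(pw), "formatted:", login_formatted(conn, name, pw),
              "parameterized:", login_parameterized(conn, name, pw))
```

With pymysql the placeholder is %s and the values go in the second argument of cursor.execute, so the driver escapes them instead of the % operator pasting them into the statement.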