小白MySQL学习-day03

最新推荐文章于 2024-04-19 00:06:58 发布

liulemon6

最新推荐文章于 2024-04-19 00:06:58 发布

阅读量215

点赞数

文章标签： mysql 学习数据库

本文链接：https://blog.csdn.net/qq_74593128/article/details/131799337

版权

实现增删改查：

客户端操作：

增：

insert into 表名 (列名,列名,列名) values(对应列的值,对应列的值,对应列的值);

例：

insert into l1 values('张三','123'),('alex','456'); -- 如果表中只有2列

删：

delete from 表名;
delete from 表名 where 条件;

例：

delete from l1 where name="zhangsan";

delete from tb1 where id=1;

改：

update 表名 set 列名=值;
update 表名 set 列名=值 where 条件;

例：

update l1 set name="zhangsan" where id=1;

update L3 set name=concat(name,"db");

查：

select * from 表名;
select 列名,列名,列名 from 表名;
select 列名,列名 as 别名,列名 from 表名;
select * from 表名 where 条件;

例：

*表示所有数据

select * from tb1 where id != 1;

select id,name as N,age, 111 from tb1;

py代码：

基本类似我就搬过来了（凑不要脸。

import pymysql

# 连接MySQL，自动执行 use userdb; -- 进入数据库
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='root123', charset="utf8", db='userdb') //进入直接use userdb
cursor = conn.cursor()

# 1.新增（需commit）

cursor.execute("insert into tb1(name,password) values('武沛齐','123123')")
conn.commit()

# 2.删除（需commit）

cursor.execute("delete from tb1 where id=1")
conn.commit()

# 3.修改（需commit)

cursor.execute("update tb1 set name='xx' where id=1")
conn.commit()

# 4.查询(不需要commit)

cursor.execute("select * from tb where id>10")
data = cursor.fetchone() # cursor.fetchall() //查看几个
print(data)

# 关闭连接
cursor.close()
conn.close()

案例：

实现一个用户管理系统

import pymysql


def register():
    print("用户注册")

    user = input("请输入用户名：")  # alex
    password = input("请输入密码：")  # sb

    # 连接指定数据
    conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='root', charset="utf8", db="usersdb")
    cursor = conn.cursor()

    # 执行SQL语句（有SQL注入风险）
    # sql = 'insert into users(name,password)values("alex","sb")'
    sql = 'insert into users(name,password) values("{}","{}")'.format(user, password)

    cursor.execute(sql)
    conn.commit()

    # 关闭数据库连接
    cursor.close()
    conn.close()

    print("注册成功，用户名：{},密码:{}".format(user, password))


def login():
    print("用户登录")

    user = input("请输入用户名：")
    password = input("请输入密码：")

    # 连接指定数据
    conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='root', charset="utf8", db="usersdb")
    cursor = conn.cursor()

    # 执行SQL语句（有SQL注入风险）
    
    # sql = "select * from users where name='{}' and password='{}'".format(user, password)
    cursor.execute("select * from users where name=%s and password=%s",[user,password])

    result = cursor.fetchone()  # 去向mysql获取结果
    # None
    # (1,wupeiqi,123)

    # 关闭数据库连接
    cursor.close()
    conn.close()

    if result:
        print("登录成功", result)
    else:
        print("登录失败")


def run():
    choice = input("1.注册；2.登录")
    if choice == '1':
        register()
    elif choice == '2':
        login()
    else:
        print("输入错误")


if __name__ == '__main__':
    run()

#引用自武沛齐

SQL注入：

如果使用py字符串格式化的方式，user输入 ' or 1=1 -- 就会导致sql注入

select * from users where name=' ' or 1=1 -- ' and password='123'

所以用

cursor.execute("select * from users where name=%s and password=%s", [user, pwd])

来避免sql注入

完成作业：

create table users1(
   id int not null auto_increment primary key,
   name varchar(32) not null,
   password varchar(64) not null,
   gender char(1) not null,
   email varchar(64) null,
   amount decimal(10,2) not null default 0,
   ctime datetime
)default charset=utf8；

1.插入五条数据

insert into users1(name,password,gender,email,amount,ctime) value('liulemon','123','男','123@qq.com',1000,NOW()),('gaojb','123','男','1234@qq.com',1000,NOW())('sqy','123','男','12345@qq.com',1000,NOW()),('zhangsan','123','男','123456@qq.com',1000,NOW())('lisi','123','女','1234567@qq.com',1000,NOW());

2.将 id>3的所有人的性别改为男

update users1 set gender = '男' where id>3；

3.查询余额 amount>1000的所有用户

select * from users1 where amount > 1000;

4.让每个人的余额在自己原的基础上 +1000

update users1 set amount = amount + 1000;

5.删除性别为男的所有数据

delete from users1 where gender = '男';

py操作：

import pymysql
import datetime

# 连接MySQL
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='root', charset="utf8",db = 'usersdb')
cursor = conn.cursor()

# sql = """
# create table users1(
#  id int not null auto_increment primary key,
#  name varchar(32) not null,
#  password varchar(64) not null,
#  gender char(1) not null,
#  email varchar(64) null,
#  amount decimal(10,2) not null default 0,
#  ctime datetime
# )default charset=utf8；
# """
# cursor.execute(sql)
# conn.commit()

# 增
cursor.execute("insert into users1(name,password,gender,email,amount,ctime) value('liulemon','123','男','123@qq.com',1000,NOW()),('gaojb','123','男','1234@qq.com',1000,NOW())('sqy','123','男','12345@qq.com',1000,NOW()),('zhangsan','123','男','123456@qq.com',1000,NOW())('lisi','123','女','1234567@qq.com',1000,NOW())")
conn.commit()
cursor.execute("select * from users1")
data = cursor.fetchall();
print(data)

#改
cursor.execute("update users1 set gender = '男' where id>3")
conn.commit()
#查
cursor.execute("select * from users1 where amount > 1000")
data = cursor.fetchall();
print(data)
#改
cursor.execute("update users1 set amount = amount + 1000")
conn.commit()
#删
cursor.execute("delete from users1 where gender = '男'")
conn.commit()

#关闭连接
cursor.close()
conn.close()