#方法一:[root@egon backup]# mysql -uroot -p123 < /backup/all.sql#方法二:
mysql> use db1;
mysql> SET SQL_LOG_BIN=0;#关闭二进制日志,只对当前session生效
mysql> source /root/db1.sql
事务和锁
begin;# 开启事务
select *from emp where id=1for update;# 查询id值,for update添加行锁;
update emp set salary=10000 where id=1;# 完成更新
commit;# 提交事务
解决mysql注入问题
先建表来测试
createtable userinfo(
id intprimarykeyauto_increment,
name char(12)uniquenotnull,
password char(18)notnull);insertinto userinfo(name,password)values('min','min1234')
username = input('user >>>')
password = input('passwd >>>')sql="select * from userinfo where name = '%s' and password = '%s'"%(username,password)print(sql)
用了“ -- ” mysql会注释掉--之后的sql语句select*from userinfo where name ='alex';-- and password = '792164987034';select*from userinfo where name =219879or1=1;-- and password = 792164987034;select*from userinfo where name ='219879'or1=1;-- and password = '792164987034';
执行产生问题,并解决
import pymysql
conn = pymysql.connect(host='127.0.0.1',user='root',
password='123',database='day41')
cur = conn.cursor()
username = input('user >>>')
password = input('passwd >>>')# sql = "select * from userinfo where name = %s and password = %s"# sql = "select * from userinfo where name = '%s' and password = '%s'"%(username,password) 这样会导致sql注入问题sql="select * from userinfo where name=%s and password= %s"# 这里就不需字符串的拼接了
cur.execute(sql,(username, password))# 解决:让生成游标来帮助完成拼接print(cur.fetchone())
cur.close()
conn.close()