@server.route('/login',methods=['post'])
def login():
username=flask.request.values.get('u')
password=flask.request.values.get('p')
sql="select * from USER where username='%s' and password='%s';"%(username,password)
print(sql)
#username=" ' or '1'='1"
#username=" ';show tables;--"
#username=
#select * from user where username='' or '1'='1' and password=''
#利用一个条件为真
res=op_mysql(sql)
if res:
#response=json.dumps()
response={'msg':'登陆成功'}
else:
response={'msg':'登录失败'}
return json.dumps(response,ensure_ascii=False)
#避免sql注入;注入的原理是引号
cursor.execute("select