Python--sql注入

import pymysql<br><br>conn = pymysql.connect(host=‘211.149.218.16‘, user=‘jxz‘, password=‘123456‘, db=‘jxz‘, port=3306, charset=‘utf8‘)<br>cur = conn.cursor(cursor=pymysql.cursors.DictCursor)<br>name = ‘zdq‘<br>sex = 0<br>cur.execute(‘select * from bt_stu where real_name=%s and sex=%s‘, (name, sex))  # 可以防止sql注入<br>print(cur.fetchall())<br><br><br>def test(a, b):<br>    print(a, b)<br><br><br>li = [1, 2]<br>test(*li)<br>d = {‘a‘: ‘123‘, ‘b‘: ‘456‘}<br>test(**d)<br><br><br>def op_mysql_new(sql1, *data):<br>    # 利用*data可变参数，就能防止sql注入<br>    print(sql1)<br>    print(data)<br>    cur.execute(sql1, data)<br>    print(cur.fetchall())<br><br><br>sql = ‘select * from user where username=%s and id=%s‘<br>name = ‘haha‘<br>id1 = 140<br>op_mysql_new(sql, name, id1)<br><br># 同时执行多个sql  executemany<br>sql = ‘insert into seq (blue,red,date) values (%s,%s,%s)‘<br>all_res = [<br>    [‘16‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘15‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘14‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>    [‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],<br>]<br>cur.executemany(sql, all_res)<br>conn.commit()

Python--sql注入

标签：connect   sql   div   from   char   charset   com   sql注入   man