时间:2021-07-01 10:21:17 帮助过:3人阅读
import pymysql
conn = pymysql.connect(host=‘211.149.218.16‘, user=‘jxz‘, password=‘123456‘, db=‘jxz‘, port=3306, charset=‘utf8‘)
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)
name = ‘zdq‘
sex = 0
cur.execute(‘select * from bt_stu where real_name=%s and sex=%s‘, (name, sex)) # 可以防止sql注入
print(cur.fetchall())
def test(a, b):
print(a, b)
li = [1, 2]
test(*li)
d = {‘a‘: ‘123‘, ‘b‘: ‘456‘}
test(**d)
def op_mysql_new(sql1, *data):
# 利用*data可变参数,就能防止sql注入
print(sql1)
print(data)
cur.execute(sql1, data)
print(cur.fetchall())
sql = ‘select * from user where username=%s and id=%s‘
name = ‘haha‘
id1 = 140
op_mysql_new(sql, name, id1)
# 同时执行多个sql executemany
sql = ‘insert into seq (blue,red,date) values (%s,%s,%s)‘
all_res = [
[‘16‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘15‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘14‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
[‘13‘, ‘01,02,03,05,09,06‘, ‘2018-01-28‘],
]
cur.executemany(sql, all_res)
conn.commit()
Python--sql注入
标签:connect sql div from char charset com sql注入 man