时间:2021-07-01 10:21:17 帮助过:6人阅读
sql injection: Because the statement after the character(--) be identified to invalid statement
import pymysql
# establish a link
conn = pymysql.connect(host="127.0.0.1", post=3306, user="root", passwd="666", db="datebase_name", charset="utf8")
# establish a cursor
cursor = conn.cursor() # Equate to create a jurisdiction to operate mysql
# add/delete/modify/show
cursor.excute("sql_statement") # Ruturn a value, the rows modified
conn.commit() # commit the modification to mysql
# When convey args, don‘t permit to concat string
inp = input("please input your class name: >>>")
r = cursor.execute("insert into class(caption) values(%s)", inp)
g = [("arno", "male"), ("kristy", "female")]
r = cursor.executemany("insert into student(name, gender) values(%s, %s)", g)
# show
r = cursor.execute("select nid,name from student")
print(cursor.fetchall()) # cursor.fetchone; Take out the values found in terms of the scroll
# shift scroll
cursor.scroll(0, mold="absolute") # Come back the start of the file
cursor.scroll(1, mold="relative") # Go down to the file
# Modify the value‘s type found
cursor = conn.cursor(cursor=pymysql.cursor.DictCursor)
# Get the id newly created
new_id = cursor.lastrowid() -- get the the id of lastrow
cursor.close()
conn.close()
Pymysql
标签:code exec 指定 _id pymysql port nta modify please