import pymysql
# pyoracle
# 1、连接上mysql ip 端口号 密码 账号 数据库
# 2、建立游标
# 3、执行sql
# 4、获取结果
# 5、关闭连接、关闭游标
#打开仓库大门
conn = pymysql.connect(host='211.149.218.16',
user='jxz',passwd='123456',#port这里一定要写int类型
port=3306,db='jxz',charset='utf8') #charset必须写utf8,不能写utf-8
cur = conn.cursor(cursor=pymysql.cursors.DictCursor) #建立游标,游标你就认为是仓库管理员
# sql = "INSERT INTO `bt_stu` ( `real_name`, `sex`, `phone`, `class`, `type`) VALUES ('小黑', '1', '18612341241', '靠山屯', '1');"
sql = 'select * from bt_stu limit 5;'
cur.execute(sql) #执行sql语句
conn.commit() #提交
# update delete insert 需要提交
# res = cur.fetchall() #获取sql语句执行的结果,它把结果放到一个元组里,每一条数据也是一个元组
res = cur.fetchall() #只获取一条结果,它的结果是一个1维元组
print(res)
# print('fetchall',cur.fetchall())
# cur.scroll(0,mode='absolute')#移动游标,到最前面
# cur.scroll(3,mode='relative')#移动游标,相对于当前位置的
#只有一条数据,那么就用fetchone,超过一条数据那就用fetchall
cur.close() #关闭游标
conn.close() #关闭连接
import pymysql,redis
def op_mysql(host,user,password,db,sql,port=3306,charset='utf8'):
conn = pymysql.connect(host=host,user=user,
password=password,
port=port,
charset=charset,db=db)
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)
cur.execute(sql)
sql_start = sql[:6].upper() #取sql前6个字符串,判断它是什么类型的sql语句
if sql_start=='SELECT' :
res = cur.fetchall()
else:
conn.commit()
res = 'ok'
cur.close()
conn.close()
return res
import tools123
#用户登录,去数据库中判断,账号是否存在,密码是否输入正确
username =input('user:').strip()
passwd =input('passwd:').strip()
sql = 'select * from user where username ="%s";'%username
res = tools123.op_mysql(
host='211.149.218.16',
user='jxz',password='123456',#port这里一定要写int类型
port=3306,db='jxz',charset='utf8',sql =sql)
if res:
if passwd == res[0]['password']:
print('登录成功%s'%username)
else:
print('用户不存在')
sql注入 ,最下面是批量执行mysql:executemany(sql,all_res)
import pymysql
def op_mysql(host,user,password,db,sql,port=3306,charset='utf8'):
conn = pymysql.connect(host=host,user=user,
password=password,
port=port,
charset=charset,db=db)
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)
cur.execute(sql)
sql_start = sql[:6].upper() #取sql前6个字符串,判断它是什么类型的sql语句
if sql_start=='SELECT' :
res = cur.fetchall()
else:
conn.commit()
res = 'ok'
cur.close()
conn.close()
return res
# conn = pymysql.connect(host='211.149.218.16',user='jxz',
# password='123456',
# port=3306,
# charset='utf8',db='jxz')
# cur = conn.cursor(cursor=pymysql.cursors.DictCursor)
# name='zdq'
# # sql = 'select * from bt_stu where username="%s"; '%name
# sex='nv'
# cur.execute('select * from bt_stu where real_name="%s;"' % name) #可以sql注入的
# cur.execute('select * from bt_stu where real_name=%s and sex = %s',(name,sex)) #可以防止sql注入
# print(cur.fetchall())
def test(a,b):
# print(a,b)
pass
li = [1,2]
d = {'a':'ybq','b':'mpp'}
test(*li)
test(**d)
conn = pymysql.connect(host='211.149.218.16',user='jxz',
password='123456',
port=3306,
charset='utf8',db='jxz')
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)
def op_mysql_new(sql,*data):
#利用 *data这个可变参数,就能防止sql注入了
print(sql)
print(data)
cur.execute(sql,data)
# cur.execute('select',(name,id,name))
# cur.execute('select * from user where name=%s',('haha'))
print(cur.fetchall())
# sql = 'select * from user where username = %s and sex=%s;'
# name='haha'
# sex='xxx'
# op_mysql_new(sql,name,sex)
conn = pymysql.connect(host='211.149.218.16',user='jxz',
password='123456',
port=3306,
charset='utf8',db='jxz')
cur = conn.cursor(cursor=pymysql.cursors.DictCursor)
sql = 'insert into seq (blue,red,date) values (%s,%s,%s)'
all_res = [
['16','01,02,03,05,09,06','2018-01-28'],
['15','01,02,03,05,09,06','2018-01-28'],
['14','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
['13','01,02,03,05,09,06','2018-01-28'],
]
cur.executemany(sql,all_res) #执行多个条件的。。sql
conn.commit()
