pymsql的使用
初识pymysql模块
先在数据库中创建一个用户信息表,里面包含用户的ID、用户名、密码
create table userinfo(
uid int not null auto_increment primary key,
username varchar(32),
pwd varchar(32)
)engine = innodb default charset=utf8;增加一个用户的信息:
insert into userinfo(username,pwd) values('jxson','a123');用pymysql模块从数据库拿到用户信息模拟登陆效果:
import pymysql
user = input('username:') #输入用户的名字
pwd = input('password:') #输入用户的密码
conn = pymysql.connect(host ='localhost',user = 'root',password = '',database = 'db1') #连接数据库
cursor = conn.cursor() #cursor是一个游标 去帮我们获取数据
sql_search = "select * from userinfo where username='%s' and pwd='%s'" %(user,pwd,) #SQL语句
cursor.execute(sql_search) #执行SQL语句
get_one = cursor.fetchone() #拿一组数据
cursor.close() #关闭游标
conn.close() #关闭连接
if get_one: #判断是否有拿到数据
print("登陆成功!")
print(get_one)
else:
print("登陆失败!")执行结果:
username:jxson
password:a123
登陆成功!
(1, 'jxson', 'a123')防止SQL注入的改进方法
1.
sql_search = "select * from userinfo where username=%s and pwd=%s"
cursor.execute(sql_search,user,pwd)2.列表的表示方式
sql_search = "select * from userinfo where username=%s and pwd=%s"
cursor.execute(sql_search,[user,pwd])3.字典的表示方式
sql_search = "select * from userinfo where username=%(u)s and pwd=%(p)s"
cursor.execute(sql_search,{'u' : user,'p' : pwd})