pymysql
pymsql是Python中操作MySQL的模块,其使用方法和MySQLdb几乎相同。
使用操作
1.执行SQL
#!/usr/bin/env python # -*- coding:utf-8 -*- import pymysql # 创建连接 conn = pymysql.connect(host='127.0.0.1', port=3306, user='sunhao', passwd='123456', db='mydatabase') # 创建游标 cursor = conn.cursor() # 执行SQL,并返回收影响行数 effect_row = cursor.execute("update hosts set host = '1.1.1.2'") # 执行SQL,并返回受影响行数 #effect_row = cursor.execute("update hosts set host = '1.1.1.2' where nid > %s", (1,)) # 执行SQL,并返回受影响行数 # effect_row = cursor.executemany("insert into hosts(host,color_id)values(%s,%s)", [("1.1.1.11",1),("1.1.1.11",2)])
# effect_row = cursor.execute("insert into hosts(host,color_id)values(%s,%s)", ("1.1.1.11",1))
# 提交,不然无法保存新建或者修改的数据 conn.commit() # 关闭游标 cursor.close() # 关闭连接 conn.close()
list=[
("1.1.1.11",1),
("1.1.1.12",2),
("1.1.1.13",3)]
effect_row = cursor.executemany("insert into hosts(host,color_id)values(%s,%s)",list)
2、获取新创建数据自增ID
#!/usr/bin/env python # -*- coding:utf-8 -*- import pymysql conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='mydatabase') cursor = conn.cursor() cursor.executemany("insert into my_class(number,name)values(%s,%s)", [(1,'jim'),(2,'tom')]) conn.commit() cursor.close() conn.close() # 获取最新自增ID new_id = cursor.lastrowid
3、获取查询数据
#!/usr/bin/env python # -*- coding:utf-8 -*- import pymysql conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='mydatabase') cursor = conn.cursor() cursor.execute("select * from my_class") # 获取第一行数据 row_1 = cursor.fetchone() # 获取前n行数据 # row_2 = cursor.fetchmany(3) # 获取所有数据 # row_3 = cursor.fetchall() conn.commit() cursor.close() conn.close()
4、fetch数据类型
关于默认获取的数据是元祖类型,如果想要或者字典类型的数据,即:
#!/usr/bin/env python # -*- coding:utf-8 -*- import pymysql conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='mydatabase') # 游标设置为字典类型 cursor = conn.cursor(cursor=pymysql.cursors.DictCursor) r = cursor.execute("call p1()") result = cursor.fetchone() conn.commit() cursor.close() conn.close()
注:在fetch数据时按照顺序进行,可以使用cursor.scroll(num,mode)来移动游标位置,如:
- cursor.scroll(1,mode='relative') # 相对当前位置移动 往下走一个指针 cursor.scroll(-1,mode='relative') -1是往上走
- cursor.scroll(2,mode='absolute') # 相对绝对位置移动 指针移动到第一个位置
5. SQL注入问题
import pymysql conn = pymysql.connect(host='121.201.34.173',port=3306,user='sunhao',passwd='123456',db='mydatabase',charset='utf8') cur = conn.cursor() inp = input("请输入姓名:") # 字符串拼接形式 禁止使用这种操作 sql = "insert into my_class(number,name) values(12,'%s')" sql = sql % (inp,) effect_row = cur.execute(sql) data = cur.fetchone() print(data) conn.commit() cur.close() conn.close()
sql='select username,password from userinfo where username= "%s" and password = "%s"' #sql注入问题 sql语句注释用--
sql=sql%("alex or 1=1 -- ",123456)
cursor.execute(sql)
