Using pymysql's built-in parameterization to solve the SQL injection problem
'''
Solving the SQL injection problem
Using pymysql's built-in parameterization to solve the SQL injection problem
'''
import pymysql
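# Open the demo database connection.
# NOTE(review): the credentials are hard-coded for this tutorial script; real
# code should read them from the environment or a config file rather than
# committing them to source.
connect_db = pymysql.connect(
    host='localhost',
    port=3306,
    user='root',
    password='root',
    charset='utf8',
    database='jing_dong',
)
try:
    select_id = input(' Please enter the... You want to query id:')
    # Most injection comes from a user feeding legitimate SQL syntax through an
    # input that gets pasted into the statement text (e.g. entering "2 or 1"
    # here), which then returns rows the user should not see.  Never build the
    # statement with string formatting or concatenation.  Instead keep a
    # placeholder in the statement and hand the value to execute() as its
    # second argument; the driver escapes it as data, never as SQL.
    # Two equivalent parameterized forms:
    #   positional: 'select * from goods where id=%s'     with (select_id,)
    #   named:      'select * from goods where id=%(id)s' with {'id': select_id}
    sql_str = '''select * from goods where id=%(id)s'''
    # `with` closes the cursor even if execute() or fetchall() raises.
    with connect_db.cursor() as cur:
        # Dict argument matches the %(name)s placeholder style above.
        cur.execute(sql_str, {'id': select_id})
        result = cur.fetchall()
    for item in result:
        print(item)
finally:
    # Close the connection even if input() or the query raised.
    connect_db.close()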