程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
您现在的位置: 程式師世界 >> 編程語言 >  >> 更多編程語言 >> Python

Solution to SQL injection problem of Python connecting to MySQL database

編輯:Python

pymysql Bring your own solution sql The method of injecting problems

'''
sql Solution of injection problem
pymysql Bring your own solution sql The method of injecting problems
'''
import pymysql
connect_db=pymysql.connect(host='localhost',port=3306,user='root',password='root',charset='utf8',database='jing_dong')
cur=connect_db.cursor()
select_id=input(' Please enter the... You want to query id:')
# Most of the injection is due to users using legitimate sql The rules , And query the data that should not be obtained
# Input 2 or 1 try
# sql_str='''select * from goods where id=%s'''
sql_str='''select * from goods where id=%(id)s''' # execute() When the second parameter type of the method is Dictionary
# utilize execute() The second argument to the method ( Type: Yuanzu 、 list , Use %s As placeholder , Dictionary use %(name)s) solve SQL Injection problem , Use parameterization to solve SQL Injection problem
# cur.execute(sql_str,(select_id,))
cur.execute(sql_str,{'id':select_id}) # When the second parameter is a dictionary
result=cur.fetchall()
for item in result:
print(item)
cur.close()
connect_db.close()


  1. 上一篇文章:
  2. 下一篇文章:
Copyright © 程式師世界 All Rights Reserved