9Pythonȫվ֮·ϵÁÐÖ®MySQL SLÊäÈë
·¢²¼Ê±¼ä£º2022-03-18 14:35:35 ËùÊôÀ¸Ä¿£ºMySql½Ì³Ì À´Ô´£º»¥ÁªÍø
µ¼¶Á£ºSQL×¢ÈëÊÇÒ»ÖÖ´úÂë×¢Èë¼¼Êõ£¬¹ýÈ¥³£³£ÓÃÓÚ***Êý¾ÝÇý¶¯ÐÔµÄÓ¦Ó㬱ÈÈ罫¶ñÒâµÄSQL´úÂë×¢Èëµ½Ìض¨×Ö¶ÎÓÃÓÚʵʩ******µÈ¡£ SQL×¢ÈëµÄ³É¹¦±ØÐë½èÖúÓ¦ÓóÌÐòµÄ°²È«Â©¶´£¬ÀýÈçÓû§ÊäÈëûÓо¹ýÕýÈ·µØ¹ýÂË£¨Õë¶ÔijЩÌض¨×Ö·û´®£©»òÕßûÓÐÌرðÇ¿µ÷ÀàÐ͵Äʱºò£¬¶¼ÈÝ
|
SQL×¢ÈëÊÇÒ»ÖÖ´úÂë×¢Èë¼¼Êõ£¬¹ýÈ¥³£³£ÓÃÓÚ***Êý¾ÝÇý¶¯ÐÔµÄÓ¦Ó㬱ÈÈ罫¶ñÒâµÄSQL´úÂë×¢Èëµ½Ìض¨×Ö¶ÎÓÃÓÚʵʩ******µÈ¡£ SQL×¢ÈëµÄ³É¹¦±ØÐë½èÖúÓ¦ÓóÌÐòµÄ°²È«Â©¶´£¬ÀýÈçÓû§ÊäÈëûÓо¹ýÕýÈ·µØ¹ýÂË£¨Õë¶ÔijЩÌض¨×Ö·û´®£©»òÕßûÓÐÌرðÇ¿µ÷ÀàÐ͵Äʱºò£¬¶¼ÈÝÒ×Ôì³ÉÒì³£µØÖ´ÐÐSQLÓï¾ä¡£ SQL×¢ÈëÊÇÍøÕ¾***ÖÐ×î³£ÓõÄ***¼¼Êõ£¬µ«ÊÇÆäʵSQL×¢Èë¿ÉÒÔÓÃÀ´***ËùÓеÄSQLÊý¾Ý¿â¡£ SQL×¢ÈëµÄʵÏÖ ´´½¨SQLdbÊý¾Ý¿â CREATE DATABASE SQLdb; ´´½¨user_info±í CREATE TABLE `user_info` ( `id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(32) DEFAULT NULL, `password` varchar(32) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; ²åÈëÒ»ÌõÓû§Êý¾Ý ²âÊÔµÄÓû§ÃûÊÇansheng£¬ÃÜÂëas insert into user_info(username,password) values("ansheng","as"); Python´úÂë app.pyÎļþ #!/usr/bin/env python # -*- coding:utf-8 -*- import tornado.ioloop import tornado.web import pymysql class LoginHandler(tornado.web.RequestHandler): def get(self, *args, **kwargs): self.render('login.html') def post(self, *args, **kwargs): username = self.get_argument('username', None) pwd = self.get_argument('pwd', None) conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='as', db='sqldb') cursor = conn.cursor() temp = "select username from user_info where username='%s' and password = '%s'" %(username, pwd,) effect_row = cursor.execute(temp) result = cursor.fetchone() conn.commit() cursor.close() conn.close() if result: self.write('µÇ¼³É¹¦') else: self.write('µÇ¼ʧ°Ü') application = tornado.web.Application([ (r"/login", LoginHandler), ]) if __name__ == "__main__": application.listen(8888) tornado.ioloop.IOLoop.instance().start() HTML´úÂë login.htmlÓëapp.pyÎļþÔÚͬ¼¶ <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <form action="/login" method="post"> <input type="text" name="username" placeholder="Óû§Ãû" /> <input type="text" name="pwd" placeholder="ÃÜÂë" /> <input type="submit" /> </form> </body> </html> ÑÝʾЧ¹û ´ò¿ªä¯ÀÀÆ÷£¬ÊäÈëµØÖ·http://127.0.0.1:8888/login ÌîдÄÚÈÝÈçÏ£º Óû§Ãû£ºasas ' or 1 = 1-- asd ÃÜÂ룺Ëæ±ãÌîдһ´®×Öĸ Èçͼ£º 9Pythonȫվ֮·ϵÁÐÖ®MySQL SL×¢Èë µ±µã»÷Ìá½»µÄʱºòÊÇ·ñ»áÌøתµ½µÇ½³É¹¦Ò³Ã棿Èç¹ûÄãµÄ´úÂëºÍÎÒÒ»Ñù£¬ÄÇô¾Í»áÌøתµ½µÇ½³ÉÒ³Ãæ¡£ Ϊʲô³öÏÖÕâÖÖÎÊÌ⣿ ³öÏÖÕâ¸öÎÊÌâµÄÖ÷ÒªÔÒò¾ÍÊÇÒòΪÎÒÃÇʹÓÃÁË×Ö·û´®Æ´½ÓµÄ·½Ê½À´½øÐÐSQLÖ¸ÁîµÄÆ´½Ó¡£ SQLÖ¸ÁîÆ´½Ó´úÂë temp = "select username from user_info where username='%s' and password = '%s'" %(username, pwd,) ÕâÊÇÒ»¸öÕý³£µÄSQLÆ´½Ó³öÀ´µÄ½á¹û select username from user_info where username='ansheng' and password = 'as' ÕâÊÇÒ»¸ö·ÇÕý³£µÄSQLÆ´½Ó³öÀ´µÄ½á¹û select username from user_info where username='asas' or 1 = 1 -- asd' and password = 's' ´ÏÃ÷µÄÄãÊÇ·ñÒѾ¿´µ½ÆäÖеÄÐþ»úÁËÄØ£¿-- ÈçºÎ·ÀÖ¹£¿ ͨ¹ýPythonµÄpymysqlÄ£¿éÀ´½øÐÐSQLµÄÖ´ÐУ¬ÔÚpymysqlÄ£¿éÄÚ²¿»á×Ô¶¯°Ñ”'“(µ¥ÒýºÅ×öÒ»¸öÌØÊâµÄ´¦Àí£¬À´Ô¤·ÀÉÏÊöµÄ´íÎó ...... effect_row = cursor.execute("select username from user_info where username='%s' and password = '%s'", (username, pwd)) ...... #Pythonȫջ֮· #Sql×¢Èë¡£ £¨±à¼£ºÔƼÆËãÍø_ËÞǨվ³¤Íø£© ¡¾ÉùÃ÷¡¿±¾Õ¾ÄÚÈݾùÀ´×ÔÍøÂ磬ÆäÏà¹ØÑÔÂÛ½ö´ú±í×÷Õ߸öÈ˹۵㣬²»´ú±í±¾Õ¾Á¢³¡¡£ÈôÎÞÒâÇÖ·¸µ½ÄúµÄȨÀû£¬Ç뼰ʱÓëÁªÏµÕ¾³¤É¾³ýÏà¹ØÄÚÈÝ! |
Ïà¹ØÄÚÈÝ
- mongodbÔõôѸËٴÊôÓÚ×Ô¼ºµÄÊý¾Ý¿â
- mysqlÖпâºÍ±íµÄ¼òµ¥²Ù×÷ʾÀý
- slave_rows_search_algorithms²ÎÊýhash_scanµÄʵÏÖ°ì·¨
- debianÏÂmysqlʵÐÐ
- ÈçºÎÔÚmysqlÖÐÔËÓñ¯¹ÛËøÓëÀÖ¹ÛËøÎö
- MySQLÊý¾Ý¿â±¸·Ý×ܽá
- ÈçºÎ±àдһ¸ömysql²éѯÀ´¶ÁÈ¡Ò»¸ö±íÖеÄÊý¾Ý²¢Ð´ÈëÁíÒ»¸ö±í
- Ïê½âSQLÓï¾ä½â¶Á·þÎñ£¬ÈÃÄãµÄsqlÀí½â¸üÇåÎú
- ÈçºÎÔÚMySQLÔªÊý¾Ý¿âÀï²éÔÄË÷Òý
- ³õ̽Ôƽâ¾ö·½°¸Ö®Ë½ÓÐÔƽâ¾öÎå´óÀàÐÍ
Õ¾³¤ÍƼö
- MHAµÄ°²×°ºÍ²¿Êð¹ý³Ì
- ʵÀý½²½âMySQLÊý¾Ý¿âµÄ²éѯÓÅ»¯¿Æ¼¼
- SQL ServerµÄÊý¾Ýµ¼ÈëMySQLÊý¾Ý¿â·½·¨¼ò½é
- mysql load±¨´íIncorrect datetime valueÔõô×ö
- MySQLÓÅ»¯µÄ×î»ù´¡²ÙÔË×÷ÊÇʲô
- HTML5ÍϷŹ¦ÄÜ_¶¯Á¦½ÚµãJavaѧԺÕûÀí
- php-¼´Ê¹ÓдíÎó,PDO´íÎó´úÂëÒ²×ÜÊÇ00000
- ÍøÉÏ¿´µ½µÄ¸ø´ó¼Ò·ÖÏíÒ»ÏÂ
- Apache Hive VS Spark£º²»Í¬Ä¿µÄ£¬Í¬Ñù³É¹¦
- mysql ¨C ¸üÐÂÁ¬½ÓÁíÒ»¸ö±íµÄ±í