
9Pythonȫվ֮·ϵÁÐÖ®MySQL SLÊäÈë

·¢²¼Ê±¼ä£º2022-03-19 01:03:12 ËùÊôÀ¸Ä¿£º±à³Ì À´Ô´£º»¥ÁªÍø
µ¼¶Á£ºSQL×¢ÈëÊÇÒ»ÖÖ´úÂë×¢Èë¼¼Êõ£¬¹ýÈ¥³£³£ÓÃÓÚ***Êý¾ÝÇý¶¯ÐÔµÄÓ¦Ó㬱ÈÈ罫¶ñÒâµÄSQL´úÂë×¢Èëµ½Ìض¨×Ö¶ÎÓÃÓÚʵʩ******µÈ¡£ SQL×¢ÈëµÄ³É¹¦±ØÐë½èÖúÓ¦ÓóÌÐòµÄ°²È«Â©¶´£¬ÀýÈçÓû§ÊäÈëûÓо­¹ýÕýÈ·µØ¹ýÂË£¨Õë¶ÔijЩÌض¨×Ö·û´®£©»òÕßûÓÐÌرðÇ¿µ÷ÀàÐ͵Äʱºò£¬¶¼ÈÝÒ×
      SQL注入是一种代码注入技术,过去常常用于***数据驱动性的应用,比如将恶意的SQL代码注入到特定字段用于实施******等。
 
     SQL注入的成功必须借助应用程序的安全漏洞,例如用户输入没有经过正确地过滤(针对某些特定字符串)或者没有特别强调类型的时候,都容易造成异常地执行SQL语句。
 
     SQL注入是网站***中最常用的***技术,但是其实SQL注入可以用来***所有的SQL数据库。
 
SQL注入的实现
创建SQLdb数据库
 
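-- Create the demo database; IF NOT EXISTS lets the setup script be re-run without an error.
CREATE DATABASE IF NOT EXISTS SQLdb;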
创建user_info表
 
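-- Demo account table for the login example on this page.
-- NOTE: `password` holds the plaintext value because the tutorial compares it
-- directly in SQL; a real application stores a salted password hash instead
-- (and needs a wider column for it).
CREATE TABLE `user_info` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  -- Credentials are mandatory: a NULL username or password is never a valid account.
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  PRIMARY KEY (`id`),
  -- One row per username, so a login lookup can match at most one account.
  UNIQUE KEY `user_info_username_uq` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;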
插入一条用户数据
 
测试的用户名是ansheng,密码是as
 
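-- Demo account. The password is plaintext only because this tutorial compares it directly in SQL.
-- String literals use single quotes so the statement also works when the ANSI_QUOTES SQL mode is enabled.
INSERT INTO user_info (username, password) VALUES ('ansheng', 'as');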
Python代码
 
app.py文件
 
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import tornado.ioloop
import tornado.web
import pymysql
 
# Login endpoint used by this tutorial to demonstrate SQL injection.
# DELIBERATELY VULNERABLE: post() builds its SQL text from request values.
# Keep it for local demonstration only; the parameterized form is shown
# later on the page.
class LoginHandler(tornado.web.RequestHandler):
    def get(self, *args, **kwargs):
        # Serve the login form template.
        self.render('login.html')
    def post(self, *args, **kwargs):
        # Form fields; a missing field becomes None, which the % formatting
        # below renders as the text "None".
        username = self.get_argument('username', None)
        pwd = self.get_argument('pwd', None)
        # NOTE(review): connects as the MySQL root account with a hard-coded
        # password. This handler only reads user_info, so a dedicated account
        # limited to SELECT on that table would reduce what an injected
        # statement can reach.
        # NOTE(review): the database is created as "SQLdb" earlier on the page
        # but opened here as 'sqldb'; database-name case sensitivity depends on
        # the MySQL platform/configuration -- confirm the names match.
        conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='as', db='sqldb')
        cursor = conn.cursor()
        # VULNERABLE (the subject of the demo): the request values are pasted
        # into the SQL text with %, so a quote character inside them ends the
        # string literal and the remainder is parsed as SQL.
        temp = "select username from user_info where username='%s' and password = '%s'" %(username, pwd,)
        # effect_row receives execute()'s return value; it is not used afterwards.
        effect_row = cursor.execute(temp)
        result = cursor.fetchone()
        # The statement is a SELECT, so there is nothing for this commit to persist.
        conn.commit()
        # NOTE(review): if execute() raises, these close() calls are skipped
        # and the connection is left open.
        cursor.close()
        conn.close()
        # Any returned row counts as a successful login; the password is
        # compared in plaintext inside the query itself.
        if result:
            self.write('µÇ¼³É¹¦')
        else:
            self.write('µÇ¼ʧ°Ü')
            
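# Route table: a single /login endpoint served by LoginHandler.
application = tornado.web.Application([
    (r"/login", LoginHandler),
])


if __name__ == "__main__":
    # Bind to loopback only. The handler is intentionally vulnerable, and the
    # walkthrough only ever browses to http://127.0.0.1:8888/login, so there is
    # no reason to listen on every network interface.
    application.listen(8888, address='127.0.0.1')
    tornado.ioloop.IOLoop.instance().start()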
HTML代码
 
login.html与app.py文件在同级目录
 
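<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!-- Login form; it posts the username and pwd fields to the /login handler in app.py. -->
<form action="/login" method="post">
    <input type="text" name="username" placeholder="Óû§Ãû" />
    <!-- type="password" masks the value on screen; the field name read by app.py is unchanged. -->
    <input type="password" name="pwd" placeholder="ÃÜÂë" />
    <input type="submit" />
</form>
</body>
</html>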
演示效果
 
打开浏览器,输入地址http://127.0.0.1:8888/login
 
填写内容如下:
 
用户名:asas ' or 1 = 1-- asd
密码:随便填写一串字母
 
如图:
 
9Pythonȫվ֮·ϵÁÐÖ®MySQL SL×¢Èë
 
当点击提交的时候是否会跳转到登陆成功页面?如果你的代码和我一样,那么就会跳转到登陆成功页面。
 
为什么出现这种问题?
出现这个问题的主要原因就是因为我们使用了字符串拼接的方式来进行SQL指令的拼接。
 
SQL指令拼接代码
 
# Vulnerable form: % formatting pastes the raw request values into the SQL text,
# so the database cannot tell user data apart from SQL syntax.
temp = "select username from user_info where username='%s' and password = '%s'" %(username, pwd,)
这是一个正常的SQL拼接出来的结果
 
-- Expected shape: both submitted values stay inside their quoted string literals.
select username from user_info where username='ansheng' and password = 'as'
这是一个非正常的SQL拼接出来的结果
 
-- The submitted username closed the string literal early: the OR condition is
-- always true, and everything after "-- " is a comment, so the password
-- comparison is never evaluated.
select username from user_info where username='asas' or 1 = 1  -- asd' and password = 's'
聪明的你是否已经看到其中的玄机了呢?关键就在 -- :它后面的内容被MySQL当作注释,密码条件不再参与判断,而 or 1 = 1 使WHERE条件恒为真。
 
如何防止?
通过Python的pymysql模块来进行SQL的执行时,把用户输入作为execute()的参数传入,而不是拼接进SQL字符串;在pymysql模块内部会自动把“'”(单引号)做一个特殊的处理(转义),来预防上述的错误
 
......
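# Placeholders must be bare %s. pymysql escapes every bound value and adds the
# surrounding quotes itself; writing '%s' doubles the quotes, which breaks
# ordinary logins and leaves the bound value outside a string literal, so the
# query would still not be safely parameterized.
effect_row = cursor.execute("select username from user_info where username=%s and password=%s", (username, pwd))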
......
#Pythonȫջ֮· #Sql×¢Èë¡£
