PyMySQL operates MySQL database

Article directory

PyMySQL
- PyMySQL overview
- Install PyMySQL library
Basic use of PyMySQL
- API introduction
- Query operation
- insert operation
- Batch insert operation
- Delete operation
- update operation
SQL injection
- What is SQL injection
- solution
Precautions
- Protect sensitive information
- Use connection pool
- Exception handling
- Prevent concurrency conflicts
- Optimize query
- digression

PyMySQL

PyMySQL Overview

PyMySQL is a pure Python MySQL client library for the Python programming language. It implements all versions of the MySQL database protocol and supports multi-threaded applications and Python 3.x versions. PyMySQL follows the Python standard DB API interface and provides many convenient functions, such as MySQL connection pool, SSL/TLS encrypted connection, SQL injection prevention, etc.

GitHub: https://github.com/PyMySQL/PyMySQL

Install PyMySQL library

pip3 install pymysql

View information about third-party packages

pip3 show pymysql

View the list of installed third-party packages

pip3 list

Basic use of PyMySQL

API introduction

Import PyMySQL library

 import pymysql

Establishing a connection to a MySQL database using PyMySQL

pymysql.connect(parameter list)
 
connect_db = pymysql.connect(host='localhost', port=3306, user='root', password='123456', database='demo')

Get cursor object

 cursor =conn.cursor()

Execute SQL statement

 row_count = cursor.execute(sql)

Get query result set

 result = cursor.fetchall()

Submit the modification operation to the database

 conn.commit()

Rollback data

 conn.rollback()

Close cursor

 cursor.close()

close connection

 conn.close()

Query operation

# Guide package
importpymysql

#Create database connection object
# When connecting to the database, except for the port parameters, all other parameters must be specified using string types.
# host: the connected mysql host, if the local machine is 'localhost'
#port: The port of the connected mysql host, the default is 3306
# user: username for connection
# password: Password for connection
# database: name of database
# charset: The encoding method used for communication, utf8 is recommended
connect_db = pymysql.connect(host='localhost', port=3306, user='root', password='123456', charset='utf8', database='demo')

# Get the cursor object
# A database connection object can create multiple cursor objects
# Under normal circumstances, only one will be created for operation at the same time.
# When the cursor object is created, a transaction environment will be enabled by default.
cur = connect_db.cursor()

#Write SQL statement
sql_str = '''select * from item'''

#Execute SQL statement
row_count = cur.execute(sql_str)
print(f'Query {row_count} records')
print()

# Get a query result
result = cur.fetchone()
print(result)
print()

# Get the specified number of records
result = cur.fetchmany(4)
for t in result:
    print(t)
print()

# Get all data
result = cur.fetchall()
for t in result:
    print(t)
print()

#Move cursor properties
cur.rownumber = 0
result = cur.fetchall()
print(cur.rowcount)
for t in result:
    print(t)

# Close the cursor object
cur.close()

#Close database object
connect_db.close()

10 records found

(1, datetime.datetime(2022, 8, 21, 19, 31, 11), 'https:img13.360buyimg.com/n1/s450x450_jfs/t1/175088/12/11173/264547/60aa5dd6Efe2b408b/b91c5bdaf6918ffa. jpg', 4299.0, 'Lenovo JD self-operated flagship store', 'i5 16G backlit keyboard', 'Lenovo laptop Xiaoxin Air14 Intel Core i5 14-inch thin and light notebook (i5 16G 512G high color gamut large battery) silver full screen business office notebook', 'https://item.jd.com/100011483893.html')

(2, datetime.datetime(2022, 8, 21, 19, 31, 11), 'https:img13.360buyimg.com/n1/s450x450_jfs/t1/113403/25/29544/70492/6302023dE572552c8/e7c452efb3616b7 0.jpg', 4999.0, 'Lenovo JD self-operated flagship store', 'i5 16G backlit keyboard', 'Lenovo laptop Xiaoxin Pro14 Intel Evo platform 14-inch gaming thin and light notebook (standard pressure i5 16G 512G 2.8K 90Hz eye protection screen) full screen office notebook ', 'https://item.jd.com/100014546493.html')
(3, datetime.datetime(2022, 8, 21, 19, 31, 11), 'https:img12.360buyimg.com/n1/jfs/t1/219048/2/15799/192377/623ed1d3Eb52b150d/f669f9891c915da0.jpg', 2798.0, 'HUWI Flagship Store', '16G operation + 1024G super-fast hard drive', ' HUWI National Bank [2022 Intel Core Optional] Metal Laptop Thin and Light This College Student Online Class Design Learning Business Office Game Portable Rose Gold-High-Quality Intel Quad-Core 12th generation + IPS screen narrow-edge full screen 16G operation + 1024G super-fast hard drive', 'https://item.jd.com/10044527344297.html')
(4, datetime.datetime(2022, 8, 21, 19, 31, 11), 'https:img12.360buyimg.com/n1/s450x450_jfs/t1/42776/10/17345/131277/626bc1e3Eb2b0278a/1dc51316f3dc18 98.jpg', 4799.0, 'Huawei JD self-operated official flagship store', 'i5 16G 512G Haoyue Silver', 'Huawei laptop MateBook D 14 2022 14-inch 11th generation Core i5 16G + 512G Ruiju graphics card thin and light notebook/eye protection full screen silver' , 'https://item.jd.com/100016960357.html')
(5, datetime.datetime(2022, 8, 21, 19, 31, 11), 'https:img14.360buyimg.com/n1/s450x450_jfs/t1/69468/27/17416/141766/626baaecE202ac55d/d65dd608458c8c0b.j pg', 3999.0, 'Huawei JD self-operated official flagship store', 'i5 8GB 512GB Haoyue Silver', 'Huawei laptop MateBook D 14 SE version 14-inch 11th generation Core i5 Ruije graphics card 8G + 512G thin and light notebook/HD eye protection anti-glare screen Silver', 'https://item.jd.com/100032149194.html')

(6, datetime.datetime(2022, 8, 21, 19, 31, 11), 'https:img14.360buyimg.com/n1/s450x450_jfs/t1/99321/22/30610/122437/62ac48e7Eaf3ef4ac/464d0f1f132c8d62.j pg', 9299.0, 'HP (HP) OMEN Shadow Elf JD self-operated flagship store', '[New 12th generation i7] full blood 3060 + 2K screen version', 'HP (HP) OMEN Shadow Elf 8Pro 16.1-inch gaming laptop (12th generation Core i7-12700H RTX3060 6G 16GDDR5 512G 2.5K 165Hz) ', 'https://item.jd.com/100021389129.html')
(7, datetime.datetime(2022, 8, 21, 19, 31, 17), 'https:img12.360buyimg.com/n1/jfs/t1/47859/1/18224/153861/62a45618E5078f925/534299d323f12a2c.jpg', 1358.0, 'Smart Camel Digital Flagship Store', '8G Memory + 128G Solid State Drive', ' [2022 Intel + Core i7] 15.6-inch laptop thin and light online course design learning business office game college student portable Smart Camel Youth Edition [11th generation Intel] full screen + anti-blue light 8G memory + 128G solid state drive', 'https://item.jd.com/10033087405727.html')
(8, datetime.datetime(2022, 8, 21, 19, 31, 17), 'https:img11.360buyimg.com/n1/s450x450_jfs/t1/195842/2/20561/168501/62ca4248Edde4fefe/bbe877dbc201290e.jpg ', 5699.0, 'ThinkPad JD.com self-operated flagship store', 'i5-12500H 2.8K 90Hz', 'Lenovo ThinkBook 14 + Intel Core i5 laptop brand new 2022 14-inch standard pressure thin and light notebook i5-12500H 16G 512G 2.8K 90Hz', ' https://item.jd.com/100020078921.html')
(9, datetime.datetime(2022, 8, 21, 19, 31, 17), 'https:img11.360buyimg.com/n1/s450x450_jfs/t1/115135/13/26808/193275/62f371acE21c52747/20f36c3f883277 03.jpg', 5399.0, 'HP East self-operated official flagship store', '[Fifth generation new] i5 16G 512 high color gamut', 'HP (HP) 66 fifth generation 14-inch thin and light laptop (Intel 12th generation Core i5-1240P 16G 512G high color Domain low-power screen 1 year door-to-door) ', 'https://item.jd.com/100020480561.html')
(10, datetime.datetime(2022, 8, 21, 19, 31, 17), 'https:img12.360buyimg.com/n1/s450x450_jfs/t1/7498/9/18671/72563/62fb8cc2E2a4bedc8/cf134acbac78ec40.jpg', 3999.0, 'Xiaomi JD self-operated flagship store', 'R5 16G 512G', 'Xiaomi RedmiBookPro 14-inch 2.5K high color gamut retina screen thin and light notebook computer (6-core R5 16G 512G-SSD fingerprint recognition DC dimming) ', 'https ://item.jd.com/100011526087.html')

Insert operation

# Guide package
importpymysql

# Connect to the database
connect_db = pymysql.connect(host='localhost', port=3306, user='root', password='123456', charset='utf8', database='demo')

# Get the cursor object
cur = connect_db.cursor()

#Execute sql
sql_str = '''insert into tb_user(id,user_name,password,name,age,email) values(null,'0001','123456','Jack',20,'[email protected]'); '' '
cur.execute(sql_str)

# When adding, deleting or modifying the database, the operation will be performed in a transaction environment by default. After the operation is completed, a manual submission operation must be performed. If not submitted, the default operation of the program is to roll back.
connect_db.commit()

# Close the cursor object
cur.close()

#Close database connection
connect_db.close()

Batch insert operation

def main():
    # Create Connection connection
    conn = pymysql.connect(host='localhost', port=3306, user='root', password='123456', charset='utf8', database='demo')
    # Get Cursor object
    cursor = conn.cursor()
    #Insert data 10,000 times
    for i in range(10000):
        cursor.execute("insert into tb_user values(null,'000%d','123456','Jack',20,'[email protected]')" % i)
    # submit data
    conn.commit()

if __name__ == "__main__":
    main()

Delete operation

import pymysql
# Connect to the database
connect_db = pymysql.connect(host='localhost', port=3306, user='root', password='123456', charset='utf8', database='demo')
# Get the cursor object
cur = connect_db.cursor()
sql_str = ''' delete from tb_user where user_name = '0001' '''
#Execute sql
cur.execute(sql_str)
# submit
connect_db.commit()
# Close the cursor object
cur.close()
#Close database connection
connect_db.close()

Update operation

import pymysql
# Connect to the database
connect_db = pymysql.connect(host='localhost', port=3306, user='root', password='123456', charset='utf8', database='demo')
# Get the cursor object
cur = connect_db.cursor()
#Execute sql
sql_str = ''' update tb_user set password = '12345' where user_name = '0001' '''
cur.execute(sql_str)
# submit
connect_db.commit()
# Close the cursor object
cur.close()
#Close database connection
connect_db.close()

SQL injection

What is SQL injection

Users submit malicious data and SQL statements for string splicing, thereby affecting the semantics of the SQL statements and eventually causing data leakage.

import pymysql

connect_db = pymysql.connect(host='localhost', port=3306, user='root', password='123456', charset='utf8', database='demo')
cur = connect_db.cursor()

select_id = input('Please enter a query ID:')
sql_str = ''' select * from tb_user where id = %s ''' % select_id
print(sql_str)

cur.execute(sql_str)
result = cur.fetchall()

print(result)
cur.close()
connect_db.close()

Using the legal rules of sql, data that should not be obtained is queried, which is also called SQL injection.

Please enter a query ID: 1 or 1=1
 select * from tb_user where id = 1 or 1=1
((1, 'zhangsan', '123456', '小白', 20, '[email protected]'), (2, 'lisi', '123456', '李思', 20, 'test2@qq .com'), (3, 'wangwu', '123456', '王五', 28, '[email protected]'))

Solution

SQL statement parameterization, that is, the parameters in the SQL language use %s to occupy the place. The parameters required for the %s placeholder in the SQL statement are stored in a list, and the parameter list is passed to the second parameter in the execute method.

sql_str = ''' select * from tb_user where id = %s ''' % select_id
print(sql_str)

# Use the second parameter of the execute method to solve the problem of SQL injection
cur.execute(sql_str, (select_id,))

Please enter a query ID: 1 or 1=1
 select * from tb_user where id = %s
((1, 'zhangsan', '123456', '小白', 20, '[email protected]'),)

Notes

Protect sensitive information

When connecting to a database, do not hardcode sensitive information (such as usernames and passwords) directly into the code. Instead, store this sensitive information in a secure manner, such as a configuration file or environment variable, and load it dynamically in your code.

1. Create the INI configuration file of config.ini

[mysql]
user=root
password=123456
host=localhost
port=3306
database=mydb

2. Read the configuration file

ConfigParser is a module in the Python standard library, which is used to read and parse INI format configuration files. Configuration files can be easily read and loaded into a Python program for further processing using this module.

from configparser import ConfigParser

# Read configuration file
config = ConfigParser()
config.read('config.ini')

# Get MySQL login credentials
MYSQL_USER = config.get('mysql', 'user') # Output: root
MYSQL_PASSWORD = config.get('mysql', 'password')

# Connect to MySQL database
db = mysql.connector.connect(host='127.0.0.1',
                             user=MYSQL_USER,
                             password=MYSQL_PASSWORD,
                             database='mydb')

Use connection pool

Under heavy load, frequently creating and releasing database connections can reduce performance and increase system overhead. Therefore, it is recommended to use connection pooling to manage database connections so that available connections are obtained from the connection pool when needed and returned to the pool after use.

Using a connection pool helps optimize the management and reuse of database connections and reduces the overhead of starting a new connection for each request or operation, thereby improving the performance and response speed of the system.

1. Install the PyMySQL library and pymysql-pool library

pip install pymysql
pip install pymysql-pool

2. Import the PyMySQL library and connection pool module.

import pymysql
from pymysqlpool import ConnectionPool

3. Create a connection pool object and specify connection parameters

db_config = {
    'max_connections': 10,
    'max_idle_time': 60,
    'host': 'localhost',
    'port': 3306,
    'user': 'root',
    'password': 'password',
    'database': 'mydb'
}
pool = ConnectionPool(**db_config)

4. Obtain the connection object and cursor, and execute the SQL statement

with pool.get_conn() as conn:
    with conn.cursor() as cur:
        sql = "SELECT * FROM mytable WHERE name=%s"
        cur.execute(sql, ('John',))
        results = cur.fetchall()
        print(results)

5. Close the cursor and connection and return the connection to the connection pool

cur.close()
pool.return_conn(conn)

Exception handling

When interacting with a database, errors are inevitable. When an exception occurs, it needs to be caught and handled promptly to avoid program crashes or leakage of sensitive information.

try:
    #Operation database
except Exception as e:
    print("Error:", e)
    # Handle exceptions
finally:
    #Close connection and cursor
    cur.close()
    conn.close()

Prevent concurrency conflicts

When multiple processes or threads access and modify the same data at the same time, concurrency conflicts may occur, resulting in data inconsistency or errors. For this reason, it is recommended to use the database’s transaction support to ensure data consistency and correctness.

try:
    # Start transaction
    conn.begin()

    #Operation database

    # Submit transaction
    conn.commit()
except Exception as e:
    print("Error:", e)
    #Rollback transaction
    conn.rollback()
finally:
    #Close connection and cursor
    cur.close()
    conn.close()

Optimize query

When querying data, the number of queries should be reduced as much as possible. You can optimize and speed up queries by using indexes, batch insertion and other methods. Additionally, parameterized queries should be used in INSERT, UPDATE, and DELETE statements to prevent SQL injection attacks.

# Parameterized SQL query
sql = "SELECT * FROM tablename WHERE column1 = %s AND column2 = %s"
cur.execute(sql, ('value1', 'value2'))

———————————END——————- ——–

Digression

In the current era of big data, how can one keep up with the times without mastering a programming language? Python, the hottest programming language at the moment, has a bright future! If you also want to keep up with the times and improve yourself, please take a look.

Interested friends will receive a complete set of Python learning materials, including interview questions, resume information, etc. See below for details.

CSDN gift package:The most complete “Python learning materials” on the entire network are given away for free! (Safe link, click with confidence)

1. Python learning routes in all directions

The technical points in all directions of Python have been compiled to form a summary of knowledge points in various fields. Its usefulness is that you can find corresponding learning resources according to the following knowledge points to ensure that you learn more comprehensively.

2. Python essential development tools

The tools have been organized for you, and you can get started directly after installation!

3. Latest Python study notes

When I learn a certain basic and have my own understanding ability, I will read some books or handwritten notes compiled by my seniors. These notes record their understanding of some technical points in detail. These understandings are relatively unique and can be learned. to a different way of thinking.

4. Python video collection

Watch a comprehensive zero-based learning video. Watching videos is the fastest and most effective way to learn. It is easy to get started by following the teacher’s ideas in the video, from basic to in-depth.

5. Practical cases

What you learn on paper is ultimately shallow. You must learn to type along with the video and practice it in order to apply what you have learned into practice. At this time, you can learn from some practical cases.

6. Interview Guide

Resume template

CSDN gift package:The most complete “Python learning materials” on the entire network are given away for free! (Safe link, click with confidence)

If there is any infringement, please contact us for deletion.