python pymysql 防止SQL注入 预编译

【注意:此文章为博主原创文章!转载需注意,请带原文链接,至少也要是txt格式!】
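这里给出我的部分代码作为样例,大家可以参考一下。要点是:SQL 语句里只写 %s 占位符,所有来自请求的值都放进参数元组单独传入,而不是拼接进 SQL 字符串。需要说明的是,pymysql 的参数化是在客户端完成转义和替换的,并不是服务端意义上的预编译(prepared statement);另外 IN (...) 里每个值都要对应一个独立的占位符,不能把逗号拼好的字符串当作一个参数传入。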
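def ShieldIp_query(self, request_data):
    """Return one page of ``b_ip_port`` rows, optionally narrowed by region.

    The lookup runs in two steps: ``b_city_config`` is searched with the
    ``provincecity`` / ``cityname`` filters (the value ``'0'`` means "no
    filter"), then ``b_ip_port`` is paged, restricted to the IPs found.

    Every request-supplied value reaches the database as a bound parameter;
    the SQL text is assembled only from literals defined in this function.

    Args:
        request_data: mapping with ``provincecity`` and ``cityname`` keys and
            optional ``size`` (page size, default 20) and ``curpage``
            (zero-based page index, default 0).

    Returns:
        A ``jsonify`` response: status 200 with the rows, or status 500 with
        a message when nothing matched or the query failed.
    """
    try:
        # LIMIT arguments must be real integers: a quoted string parameter is
        # not valid in LIMIT, and str * str would fail in the offset maths.
        if self.Pd_data_value(request_data, "size"):
            size = int(request_data["size"])
        else:
            size = 20
        if self.Pd_data_value(request_data, "curpage"):
            curpage = int(request_data["curpage"])
        else:
            curpage = 0
        if size < 0 or curpage < 0:
            raise ValueError("size and curpage must be non-negative")
        # NOTE(review): there is no upper bound on size, so one request can
        # ask for the whole table; consider capping it.

        # Column names come from this fixed tuple, never from the request,
        # so formatting them into the SQL text is safe.
        city_filters = []
        city_args = []
        for column in ("provincecity", "cityname"):
            value = str(request_data[column])
            if value != '0':
                city_filters.append("and `{}` LIKE %s ".format(column))
                # NOTE(review): % and _ typed by the user still act as LIKE
                # wildcards; escape them if literal matching is required.
                city_args.append('%' + value + '%')

        city_sql = ("select ip from b_city_config  where 1=1 "
                    + "".join(city_filters) + " order by id desc")
        city_rows = self.mysqlcon.select_execute(city_sql, tuple(city_args))

        # The row shape of select_execute is not visible here. Rows of the
        # second query are indexed by column name below, so dict rows are
        # assumed; plain tuples and scalars are accepted as well.
        ip_values = []
        for row in city_rows:
            if isinstance(row, dict):
                value = row.get("ip")
            elif isinstance(row, (list, tuple)):
                value = row[0] if row else None
            else:
                value = row
            if value:
                ip_values.append(value)

        # A region filter that matched nothing must not fall through to an
        # unfiltered listing of b_ip_port.
        if city_filters and not ip_values:
            return jsonify({"status": 500, "data": "查询失败,不存在此地域或与此IP相关的数据。"})

        # Build a fresh argument list for the second statement: reusing the
        # LIKE arguments would leave more parameters than placeholders.
        page_args = []
        where_sql = ""
        if ip_values:
            # One placeholder per value. A single %s bound to "1,2,3" would be
            # sent as one quoted string, not as a list of values.
            placeholders = ",".join(["%s"] * len(ip_values))
            where_sql = "where ip in (" + placeholders + ")"
            page_args.extend(ip_values)
        page_args.append(size * curpage)
        page_args.append(size)

        page_sql = "select * from b_ip_port " + where_sql + " order by id desc limit %s,%s"
        result = self.mysqlcon.select_execute(page_sql, tuple(page_args))
        if len(result) <= 0:
            return jsonify({"status": 500, "data": "查询失败,不存在此地域或与此IP相关的数据。"})

        # Stored IPs are integers; convert them for display.
        for row in result:
            row['ip'] = self.mysqlcon.int2ip(row['ip'])
        return jsonify({"status": 200, "data": result})
    except Exception as e:
        # NOTE(review): the exception text (which can include SQL and schema
        # details) is returned to the client; prefer logging it server-side
        # and returning a generic message.
        return jsonify({"status": 500, "data": "miss 查询失败{}".format(e)})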