
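python pymysql: preventing SQL injection with prepared statements

March 7, 2019 11:39 | Study notes | No comments | 1012 characters | 3,771 views

[Note: this is the blogger's original article! If you repost it, please include a link to the original, at least in txt format!]

Here is part of my own code as a sample, for your reference.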

    # Needs at module level: from flask import jsonify
    def ShieldIp_query(self, request_data):
        try:
            # Paging values must be integers: a quoted string is not valid in LIMIT
            if self.Pd_data_value(request_data, "size"):
                size = int(request_data["size"])
            else:
                size = 20
            if self.Pd_data_value(request_data, "curpage"):
                curpage = int(request_data["curpage"])
            else:
                curpage = 0
            # First query: optional LIKE filters; request values go only into sql_args
            sql_args = []
            wheresql = " where 1=1 "
            if str(request_data["provincecity"]) != '0':
                wheresql += "and `provincecity` LIKE %s "
                sql_args.append('%'+request_data["provincecity"]+'%')
            if str(request_data["cityname"]) != '0':
                wheresql += "and `cityname` LIKE %s "
                sql_args.append('%'+request_data["cityname"]+'%')
            sql = "select ip from b_city_config " + wheresql + "   order by id desc"
            iplist = self.mysqlcon.select_execute(sql, tuple(sql_args))
            # Second query: start a fresh argument list, the LIKE values belong to the first query only
            sql_args = []
            wheresql = ""
            # Rows are dicts keyed by column name, as in the result loop below
            arrayip = [row['ip'] for row in iplist if row['ip']]
            if arrayip:
                # One %s per IP; a single %s would bind the whole list as one string
                wheresql = "where ip in (" + ",".join(["%s"] * len(arrayip)) + ")"
                sql_args.extend(arrayip)
            sql_args.append(size * curpage)
            sql_args.append(size)
            sql = "select * from b_ip_port " + wheresql + " order by id desc limit %s,%s"
            result = self.mysqlcon.select_execute(sql, tuple(sql_args))
            if len(result) <= 0:
                return jsonify({"status": 500, "data": "查询失败,不存在此地域或与此IP相关的数据。"})
            # Convert the stored integer IPs back to dotted notation
            i = 0
            for ip in result:
                result[i]['ip'] = self.mysqlcon.int2ip(ip['ip'])
                i += 1
            return jsonify({"status": 200, "data": result})
        except Exception as e:
            return jsonify({"status": 500, "data": "miss 查询失败{}".format(e)})
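Added example, not part of the original post: the two query shapes used above (optional LIKE filters, then an IN list) built with one placeholder per value and compared with string concatenation on an input that contains an apostrophe. The helper names, the sample rows and the use of sqlite3 (placeholder `?`) as an offline stand-in for MySQL/pymysql (placeholder `%s`) are assumptions made for this illustration.

```python
import sqlite3

ALLOWED_FILTERS = ("provincecity", "cityname")  # columns used by the post's first query

def build_like_where(filters, ph="%s"):
    """Build (where_sql, args). Column names come from the fixed tuple above;
    request values travel only in args. ph="%s" is pymysql's placeholder."""
    clauses, args = [], []
    for col in ALLOWED_FILTERS:
        val = str(filters.get(col, "0"))
        if val != "0":                      # the post treats '0' as "no filter"
            clauses.append(col + " LIKE " + ph)
            args.append("%" + val + "%")
    where = " WHERE " + " AND ".join(clauses) if clauses else ""
    return where, tuple(args)

def build_in_where(column, values, ph="%s"):
    """One placeholder per value; a single one would bind the whole list as one string."""
    values = list(values)
    if not values:
        return "", ()
    return " WHERE %s IN (%s)" % (column, ", ".join([ph] * len(values))), tuple(values)

def demo(cityname):
    """Run the concatenated and the parameterized query on constructed rows.
    sqlite3 (placeholder "?") stands in for MySQL so this runs offline."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE b_city_config (id INTEGER PRIMARY KEY, ip INTEGER,"
                " provincecity TEXT, cityname TEXT)")
    con.executemany("INSERT INTO b_city_config (ip, provincecity, cityname) VALUES (?, ?, ?)",
                    [(167772161, "Shaanxi", "Xi'an"), (167772162, "Zhejiang", "Hangzhou")])
    try:  # concatenation: the apostrophe in the value ends the string literal early
        sql = "SELECT ip FROM b_city_config WHERE cityname LIKE '%" + cityname + "%'"
        unsafe = [r[0] for r in con.execute(sql)]
    except sqlite3.OperationalError:
        unsafe = "syntax error"
    where, args = build_like_where({"cityname": cityname}, ph="?")
    ips = [r[0] for r in con.execute("SELECT ip FROM b_city_config" + where, args)]
    in_where, in_args = build_in_where("ip", ips, ph="?")
    safe = [r[0] for r in con.execute("SELECT ip FROM b_city_config" + in_where, in_args)]
    con.close()
    return unsafe, safe

if __name__ == "__main__":
    print(demo("Xi'an"))      # constructed input containing an apostrophe
```

Binding keeps the value out of the SQL grammar, but `%` and `_` inside a LIKE value still act as wildcards, so escape them separately if literal matching is required.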
