sql 注入
import pymysql
conn = pymysql.connect(
host='127.0.0.1',
port=3306,
user='root',
password='password',
database='day46',
charset='utf8')
cursor = conn.cursor(pymysql.cursors.DictCursor)
name = input('用户名')
pwd = input('密码')
sql = 'select * from user where name = "%s" and pwd = "%s"' % (name, password)
res = cursor.execute(sql)
if res:
print('登陆成功')
else:
print('登陆失败')
注入写法
