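# -*- coding: UTF-8 -*-
# Author : LinYaoHong
# Date : 2019/8/15 14:43
# Tools : PyCharm
# pip install pymysql -i https://pypi.douban.com/simple
'''
CREATE TABLE `test`.`user` (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE = INNODB DEFAULT charset = utf8;
INSERT into user(username,password) VALUES("linyaohong",123)
'''
import pymysql

# Minimal login check against the `test`.`user` table defined above:
# read a username/password from stdin, look the pair up, report the outcome.
# NOTE: the schema stores the password in cleartext and the query compares it
# directly; that is acceptable for a driver demo only, a real system would
# store and compare a salted hash.

user = input("username: ")
pwd = input("password:")

conn = pymysql.connect(host='localhost', port=3306, user="root", password='111111', db="test")
cursor = conn.cursor()
try:
    # Parameterized query: the driver transmits `user` and `pwd` as values, so
    # quote characters or comment markers in the input (e.g. a username of
    # `lin' --`, which terminated the WHERE clause early under the original
    # "...'%s'..." % (user, pwd) string formatting) stay inside the literal
    # and cannot alter the statement.
    # Equivalent named-placeholder form:
    #   sql = "select * from user where username=%(u)s and password=%(p)s"
    #   cursor.execute(sql, {'u': user, 'p': pwd})
    sql = "select * from user where username=%s and password=%s"
    cursor.execute(sql, (user, pwd))  # parameters as a tuple or list
    result = cursor.fetchone()
finally:
    # Release the cursor and connection even when execute() raises.
    cursor.close()
    conn.close()

print(result)
if result:
    print("登陆成功")
else:
    print("登陆失败")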