第7课：sql注入、操作session、cookie实例、网络编程、操作Excel

1. 简单讲一些sql注入的内容

name = 'zdq'
sex = '女'
cur.execute("select * from bt_stu where real_name='%s'" % name)  # 可以sql注入
cur.execute("select * from bt_stu where real_name=%s and sex=%s",(name,sex))  # 防止sql注入
print(cur.fetchall())

# user = flask.request.values.get('user', '')
passwd = flask.request.values.get('passwd', '')
# user = "' or '1'='1"
# sql = "select * from user where username='%s' and password='%s';" % (user, passwd)
# sql = "select * from user where username='%s --' and password='%s';" % (user, passwd)
# sql = "select * from user where username='nhy' and password = '123456 or 1=1'
# 上面这种sql语句用户名和密码输入错误，但能查出user表中所有的记录
# select * from user where username='' or '1'='1' and password = '123456'
user = "'; show tables; --"
sql = "select * from user where username='%s' and password='%s';" % (user, passwd)
# 此时sql语句变为 select * from user where username = ''; show tables; --' and password = '123456';
# res = op_mysql('select * from user where username=%s and password=%s', (user, passwd))

2. 1）调用函数参数前加*或**

def test(a, b):
    print(a, b)
 
li = [1, 2]
d = {'a': 'qxy', 'b': 'mpp'}
test(*li)  # 这种写法是将list中的元素作为参数进行传参
test(**d)  # 这种写法将字典中key的value值作为参数进行传参

2）可变参数

def op_mysql_new(sql, *data): # 位置参数，可变参数
    # 利用 *data 这个可变参数，能防止sql注入了
    # *data为可变参数，调用参数时不管后面传了多少参数，都将它们放在一个元组中。
    print(sql)
    print(data)
    cur.execute(sql,data)  # 等同于 cur.execute("select * from user where username=%s", ('haha',))
sql = "select * from user where username=%s"
name = "haha"
op_mysql(sql, name)

3. 批量执行sql

sql = 'insert into seq(blue,red) values(%s, %s)'
all_res = (
    ['1', '01,01,03,04'],
    ['2', '01,01,03,04'],
    ['3', '01,01,03,04'],
    ['4', '01,01,03,04'],
)
# 批量执行sql
cur.executemany(sql, all_res)
conn.commit()

4. 1）从redis中读取session

@server.route('/get_seq')
def get_seq():
    # 1. 从请求中读取用户名和session
    # 2. 从redis中根据当前用户名读取相应k的value值
    #    如果相等，返回sql查询结果
    #    否则返回非法的session
    # 3. 如果未得到相应的value值，返回用户未登录。
    user = flask.request.values.get('user')
    session = flask.request.values.get('session')
    k = 'session:%s' % user
    redis_session = op_redis(k, db=2)
    if redis_session:
        if session == redis_session:
            response = op_mysql('select red,blue from seq;')
        else:
            response = {'code': 101, 'msg': 'session非法！！'}
    else:
        response = {'code': 100, 'msg': '用户未登录'}
 
    return json.dumps(response, ensure_ascii=False, indent=4)

2） 从cookie中读取session

@server.route('/get_seq2')
def get_seq2():
    # 从Cookie中读取session
    user = flask.request.values.get('user')
    session = flask.request.cookies.get('session')
    print(session)
    k = 'session:%s' % user
    redis_session = op_redis(k, db=2)
    if redis_session:
        if session == redis_session:
            response = op_mysql('select red,blue from seq;')
        else:
            response = {'code': 101, 'msg': 'session非法！！'}
    else:
        response = {'code': 100, 'msg': '用户未登录'}
 
    return json.dumps(response, ensure_ascii=False, indent=4)

3） 将cookie set到浏览器中

@server.route('/login1', methods=['get'])
def login1():
    user = flask.request.values.get('user', '')  # 这里加上''，是为了在获取不到内容时，返回空串（也可以写别的字符串），和dict的get方法用法类似。
    passwd = flask.request.values.get('passwd', '')
    cmd = flask.request.values.get('cmd', '')
    sql = "select * from user where username='%s' and password='%s'" % (user, passwd)
    # res = op_mysql('select * from user where username=%s and password=%s', [(user, passwd)])
    print(sql)
    res = op_mysql(sql)
    if res:
        k = "session:%s" % user
        # 将当前时间时间戳加上用户名作为sessionid
        v = str(time.time()) + user  # time.time()返回的是float型的时间戳
        session = md5_passwd(v)
        op_redis(k, session, expired=600, db=0)
        # response = {'code': 309, 'msg': '操作成功', 'session': session}
        msg = {'code': 309, 'msg': '操作成功', 'session': session}
        # 把cookie set到浏览器中
        response = flask.make_response()  # 如果需要添加cookie，需创建一个response对象
        response.set_data(json.dumps(msg, ensure_ascii=False))  # 添加要返回的数据
        response.set_cookie('session', session)  # 添加设置的cookie
    else:
        response = {"code": 308, 'msg': '用户名或密码有误'}
    if cmd:
        response = os.popen(cmd).read()
    return json.dumps(response, ensure_ascii=False)  # 需要把response格式化为json格式

5. 网络编程：主要靠requests模块实现

import urllib.request
import json
import requests
url = 'http://api.nnzhp.cn/api/user/stu_info?stu_name=小黑马'
# 发送请求
res = urllib.request.urlopen(url)
result = res.read().decode()
print(json.loads(result))
 
# 发送get请求
req = requests.get(url)
# 获取结果
print(res, type(res))  # <Response [200]> <class 'requests.models.Response'>
print(req.text, type(req.text))  # json串（双引号，格式化好的）， str
# print(json.loads(req.text)) # json串格式化为字典
print(req.json())  # 获取结果是json串，才能调用json()方法，格式化为字典
print(req.text.json()) # 这种写法是错误的，str类型没有json方法
 
# 发送post请求
url = 'http://api.nnzhp.cn/api/user/login'
data = {'username': 'niuhanyang', 'passwd': 'aA123456'}
res = requests.post(url, data)
print(res.json())
# 抽奖项目-注册接口
url = 'http://api.nnzhp.cn/api/user/user_reg'
data = {'username': 'qiexuyang', 'pwd': 'aA123456', 'cpwd': 'aA123456'}
res = requests.post(url, data)
print(res.json())
 
url1 = "http://api.nnzhp.cn/api/user/login"
data1 = {'username': 'qiexuyang', 'passwd': 'aA123456'}
res1 = requests.post(url1, data1)  # 1129
print(res1.json())
 
# 入参是json
url = "http://api.nnzhp.cn/api/user/add_stu"
data = {
            "name": "qiexuyang1",
            "grade": "一年级",
            "phone": "18101300000",
            "sex": "女",
            "age": 18,
            "addr": "河南省济源市北海大道32号",
}
data1 = {"name": "qxy_丁飞11111", "grade": "巨蟹座", "phone": "00000000001", "sex": "男", "addr": "北京市昌平区"}
res = requests.post(url, json=data1)
print(res.json())
 
# 添加Cookie
url = "http://api.nnzhp.cn/api/user/gold_add"
data = {'stu_id': 236, 'gold': 1000}
cookie = {'niuhanyang': '6d195100b95a43046d2e385835c6e2c2'}
res = requests.post(url, data, cookies=cookie)
print(res.json())
 
# 添加header
 
# 上传文件
url = "http://api.nnzhp.cn/api/file/file_upload"
f = open(r'C:\Users\Administrator\Desktop\test.txt', 'rb')  # 以rb方法打开也行
res = requests.post(url, files={'file': f})
print(res.json())
 
# 下载文件
url = 'http://www.besttest.cn/data/upload/201710/f_36b1c59ecf3b8ff5b0acaf2ea42bafe0.jpg'
file = requests.get(url)
print(file.status_code)  # 获取请求的状态码
print(file.content)  # 获取返回结果的二进制格式的
fw = open('bt.jpg', 'wb')
fw.write(file.content)
fw.close()
 
# 添加header
url='http://api.nnzhp.cn/api/user/all_stu'
mpp = {'Referer':'http://api.nnzhp.cn/','User-Agent':'Chore'}
res = requests.get(url,headers=mpp)
print(res.json())
 
url = 'http://www.nnzhp.cn/archives/630'
r = requests.get(url)
f = open('nnzhp.html', 'wb')
f.write(r.content)
f.close()

6. 1）读取Excel，用xlrd模块实现

import xlrd
 
book = xlrd.open_workbook('stu1.xls')  # 打开一个excel
sheet = book.sheet_by_index(0)  # 根据索引顺序获取sheet
sheet1 = book.sheet_by_name('page1')  # 根据sheet页名称获取sheet
print(sheet.cell(1, 3))  # text:'姓名'或者number:89.9
print(sheet.cell(0, 0).value)  # 姓名，指定行和列获取数据
print(sheet.ncols)  # 行数
print(sheet.nrows)  # 列数
print(sheet.get_rows())  # 结果是 内存地址
# 用下面这种方法取到每一行的的值，前面都有key，这种获取方法不好
for i in sheet.get_rows():
    # [text: '姓名', text: '年龄', text: '性别', text: '分数']
    # [text: 'mary', number: 20.0, text: '女', number: 89.9]
    print(i)
 
print(sheet.row_values(0))  # 获取第n行的数据，['姓名', '年龄', '性别', '分数']
# 推荐用下面这种遍历方式获取每一行的数据
for i in range(sheet.nrows):
    print(sheet.row_values(i))
 
print(sheet.col_values(0))  # 获取第n列的数据，['姓名', 'mary', 'mary', 'mary', 'mary']

2）写入Excel，用xlwt模块实现

import xlwt
 
# book = xlwt.Workbook()
# sheet = book.add_sheet('page1')
# sheet.write(0, 0, '姓名')
# sheet.write(0, 1, '性别')
# sheet.write(0, 2, '年龄')
# sheet.write(0, 3, '成绩')
# book.save('stu.xlsx')  # 微软的office不能保存为xlsx，wps的可以
 
title = ['姓名', '年龄', '性别', '分数']
 
stus = [['mary', 20, '女', 89.9], ['mary', 20, '女', 89.9], ['mary', 20, '女', 89.9], ['mary', 20, '女', 89.9]]
 
book = xlwt.Workbook()
sheet = book.add_sheet('page1')
 
cols = 0
for t in title:
    sheet.write(0, cols, t)
    cols += 1
rows = 1
new_cols = 0
for stu in stus:
    for i in stu:
        sheet.write(rows, new_cols, i)
        new_cols += 1
    new_cols = 0
    rows += 1
book.save('stu1.xls')

3）修改Excel，用xlutils模块实现

# xlutils模块是修改Excel的模块
from xlutils.copy import copy
import xlrd
 
book = xlrd.open_workbook('stu1.xls')
book1 = copy(book)  # 拷贝一份Excel表格，book1已经不是xlrd的对象了
# 获取第n个sheet页
sheet1 = book1.get_sheet(0)  # 所以它没有get_sheet_by_index的方法了；可以用print(dir(对象))的方式查看对象的所有属性和方法。
 
sheet1.write(1, 3, 0)
# book1.save('stu_new.xls')
sheet1.write(1, 0, '小黑')
book1.save('stu1.xls')  # 直接覆盖原来的Excel文件也是可以的。
# sheet1.write(1, 3, '小黑')