Python 字典和参数化 MySQL 使用 pymysql(安全编码)
Python Dictionary and parameterized MySQL using pymysql (secure coding)
我对在 python.. 和 python 中进行数据库驱动编码非常陌生。我正在尝试编写一些代码来获取字典输出,对其进行参数化(以避免 SQL 注入作为良好做法),并将输出放入 mysql 数据库中的单独列中。 代码执行和输出告诉我我的参数化等显然有问题,这主要是我需要帮助的地方。
something broke with the SQL thing
something broke with the SQL thing
something broke with the SQL thing
etc...
字典输出如下:
{'abx.com': ['abc.com', '103.245.222.133', '', 'alt3.aspmx.l.google.com', 'ns-331.awsdns-41.com', 'Australia', '', '', 1445889980]}
{'abd.com': ['abc.com', '12.27.179.65', '', '', 'g4.nstld.com', 'United States', '', '', 1445889980]}
{'abf.com': ['abc.com', '159.204.50.123', '', 'mx01.data-tronics.com', 'ns2.data-tronics.com', 'United States', '', '', 1445889980]}
{'abv.com': ['abc.com', '192.185.225.77', '', 'abv.com.inbound10.mxlogic.net', 'ns1085.hostgator.com', 'United States', '', '', 1445889980]}
{'bac.com': ['abc.com', '171.161.206.99', '', 'mxa-0000ec05.gslb.pphosted.com', 'ns12.bac.com', 'United States', '', '', 1445889980]}
{'acb.com': ['abc.com', '92.54.21.223', '', 'mx0.acb.com', 'ns-2008.awsdns-59.co.uk', 'Spain', '', '', 1445889980]}
代码如下:
#!/usr/bin/env python3.4
import subprocess
import pymysql
import json
import time
conn = pymysql.connect(host="localhost", user="myuser", passwd="superpass", db="dnstwist")
cur = conn.cursor()
epoch = int(time.time())
insert_sql = "INSERT INTO domains(fakedomain, origdomain, a_record, aaaa_record, mx_record, ns_record, country, created, updated, epoch) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"
# dictionary key structure
# { fakedomain: [ site, A, AAAA, MX, NS, Country, Created, Updated ] }
domain_dict = {}
domaininfo = []
def build_dict():
sites = ['abc.com', 'nbc.com']
for site in sites:
proc = subprocess.Popen(["python dnstwist.py -g -c " + site + " --threads 1 | grep -v ,,,,,,,, | sed -e '1,1d' "],shell=True,stdout=subprocess.PIPE,universal_newlines=True)
while True:
line = proc.stdout.readline()
domaininfo = line.split(',')
if line!= '':
fakedomain = domaininfo[1]
A = domaininfo[2]
AAAA = domaininfo[3]
MX = domaininfo[4]
NS = domaininfo[5]
country = domaininfo[6]
created = domaininfo[7]
updated = domaininfo[8]
SSDEEP = domaininfo[9]
try:
domain_dict = { fakedomain: [ site, A, AAAA, MX, NS, country, created, updated, epoch ] }
try:
cur.execute(insert_sql, (json.dumps(domain_dict)))
cur.commit()
except:
print('something broke with the SQL thing')
except:
print('you hit an exception')
continue
else:
print('you hit the break')
break
cur.close()
conn.close()
build_dict()
数据库结构如下:
CREATE TABLE domains(
fakedomain INT PRIMARY KEY AUTO_INCREMENT NOT NULL,\
origdomain TEXT NULL,\
a_record TEXT NULL,\
aaaa_record TEXT NULL,\
mx_record TEXT NULL,\
ns_record TEXT NULL,\
country TEXT NULL,\
created TEXT NULL,\
updated TEXT NULL,\
epoch INT(11) NULL);
从组合中取出 try/except 显示以下回溯:
Traceback (most recent call last):
File "./twistdb.py", line 60, in <module>
build_dict()
File "./twistdb.py", line 45, in build_dict
cur.execute(insert_sql, (json.dumps(domain_dict)))
File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 144, in execute
query = self.mogrify(query, args)
File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 135, in mogrify
query = query % self._escape_args(args, conn)
TypeError: not enough arguments for format string
由于您使用的是位置占位符 - 制作一个参数列表:
insert_sql = """
INSERT INTO
domains
(fakedomain, origdomain, a_record, aaaa_record, mx_record, ns_record, country, created, updated, epoch)
VALUES
(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
"""
params = [fakedomain, site, A, AAAA, MX, NS, country, created, updated, epoch]
cur.execute(insert_sql, params)
在将代码块包装成 try/except 之前,您还应该三思而后行。至少,您使调试和理解问题的位置和问题变得更加困难。另见:
- Should I always specify an exception type in `except` statements?
我对在 python.. 和 python 中进行数据库驱动编码非常陌生。我正在尝试编写一些代码来获取字典输出,对其进行参数化(以避免 SQL 注入作为良好做法),并将输出放入 mysql 数据库中的单独列中。 代码执行和输出告诉我我的参数化等显然有问题,这主要是我需要帮助的地方。
something broke with the SQL thing
something broke with the SQL thing
something broke with the SQL thing
etc...
字典输出如下:
{'abx.com': ['abc.com', '103.245.222.133', '', 'alt3.aspmx.l.google.com', 'ns-331.awsdns-41.com', 'Australia', '', '', 1445889980]}
{'abd.com': ['abc.com', '12.27.179.65', '', '', 'g4.nstld.com', 'United States', '', '', 1445889980]}
{'abf.com': ['abc.com', '159.204.50.123', '', 'mx01.data-tronics.com', 'ns2.data-tronics.com', 'United States', '', '', 1445889980]}
{'abv.com': ['abc.com', '192.185.225.77', '', 'abv.com.inbound10.mxlogic.net', 'ns1085.hostgator.com', 'United States', '', '', 1445889980]}
{'bac.com': ['abc.com', '171.161.206.99', '', 'mxa-0000ec05.gslb.pphosted.com', 'ns12.bac.com', 'United States', '', '', 1445889980]}
{'acb.com': ['abc.com', '92.54.21.223', '', 'mx0.acb.com', 'ns-2008.awsdns-59.co.uk', 'Spain', '', '', 1445889980]}
代码如下:
#!/usr/bin/env python3.4
import subprocess
import pymysql
import json
import time
conn = pymysql.connect(host="localhost", user="myuser", passwd="superpass", db="dnstwist")
cur = conn.cursor()
epoch = int(time.time())
insert_sql = "INSERT INTO domains(fakedomain, origdomain, a_record, aaaa_record, mx_record, ns_record, country, created, updated, epoch) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"
# dictionary key structure
# { fakedomain: [ site, A, AAAA, MX, NS, Country, Created, Updated ] }
domain_dict = {}
domaininfo = []
def build_dict():
sites = ['abc.com', 'nbc.com']
for site in sites:
proc = subprocess.Popen(["python dnstwist.py -g -c " + site + " --threads 1 | grep -v ,,,,,,,, | sed -e '1,1d' "],shell=True,stdout=subprocess.PIPE,universal_newlines=True)
while True:
line = proc.stdout.readline()
domaininfo = line.split(',')
if line!= '':
fakedomain = domaininfo[1]
A = domaininfo[2]
AAAA = domaininfo[3]
MX = domaininfo[4]
NS = domaininfo[5]
country = domaininfo[6]
created = domaininfo[7]
updated = domaininfo[8]
SSDEEP = domaininfo[9]
try:
domain_dict = { fakedomain: [ site, A, AAAA, MX, NS, country, created, updated, epoch ] }
try:
cur.execute(insert_sql, (json.dumps(domain_dict)))
cur.commit()
except:
print('something broke with the SQL thing')
except:
print('you hit an exception')
continue
else:
print('you hit the break')
break
cur.close()
conn.close()
build_dict()
数据库结构如下:
CREATE TABLE domains(
fakedomain INT PRIMARY KEY AUTO_INCREMENT NOT NULL,\
origdomain TEXT NULL,\
a_record TEXT NULL,\
aaaa_record TEXT NULL,\
mx_record TEXT NULL,\
ns_record TEXT NULL,\
country TEXT NULL,\
created TEXT NULL,\
updated TEXT NULL,\
epoch INT(11) NULL);
从组合中取出 try/except 显示以下回溯:
Traceback (most recent call last):
File "./twistdb.py", line 60, in <module>
build_dict()
File "./twistdb.py", line 45, in build_dict
cur.execute(insert_sql, (json.dumps(domain_dict)))
File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 144, in execute
query = self.mogrify(query, args)
File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 135, in mogrify
query = query % self._escape_args(args, conn)
TypeError: not enough arguments for format string
由于您使用的是位置占位符 - 制作一个参数列表:
insert_sql = """
INSERT INTO
domains
(fakedomain, origdomain, a_record, aaaa_record, mx_record, ns_record, country, created, updated, epoch)
VALUES
(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
"""
params = [fakedomain, site, A, AAAA, MX, NS, country, created, updated, epoch]
cur.execute(insert_sql, params)
在将代码块包装成 try/except 之前,您还应该三思而后行。至少,您使调试和理解问题的位置和问题变得更加困难。另见:
- Should I always specify an exception type in `except` statements?