Python dictionary and parameterized MySQL using pymysql (secure coding)
I'm very new to writing database-driven code in Python, and to Python itself for that matter. I'm trying to write some code that parameterizes dictionary output (to avoid SQL injection, as good practice) and puts the output into separate columns in a MySQL database. The code executes and outputs the following, which shows that something is obviously wrong with my parameterization etc., and that is mainly what I need help with.
something broke with the SQL thing
something broke with the SQL thing
something broke with the SQL thing
etc...
The dictionary output looks like this:
{'abx.com': ['abc.com', '103.245.222.133', '', 'alt3.aspmx.l.google.com', 'ns-331.awsdns-41.com', 'Australia', '', '', 1445889980]}
{'abd.com': ['abc.com', '12.27.179.65', '', '', 'g4.nstld.com', 'United States', '', '', 1445889980]}
{'abf.com': ['abc.com', '159.204.50.123', '', 'mx01.data-tronics.com', 'ns2.data-tronics.com', 'United States', '', '', 1445889980]}
{'abv.com': ['abc.com', '192.185.225.77', '', 'abv.com.inbound10.mxlogic.net', 'ns1085.hostgator.com', 'United States', '', '', 1445889980]}
{'bac.com': ['abc.com', '171.161.206.99', '', 'mxa-0000ec05.gslb.pphosted.com', 'ns12.bac.com', 'United States', '', '', 1445889980]}
{'acb.com': ['abc.com', '92.54.21.223', '', 'mx0.acb.com', 'ns-2008.awsdns-59.co.uk', 'Spain', '', '', 1445889980]}
The code is as follows:
#!/usr/bin/env python3.4
import subprocess
import pymysql
import json
import time

conn = pymysql.connect(host="localhost", user="myuser", passwd="superpass", db="dnstwist")
cur = conn.cursor()
epoch = int(time.time())
insert_sql = "INSERT INTO domains(fakedomain, origdomain, a_record, aaaa_record, mx_record, ns_record, country, created, updated, epoch) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"

# dictionary key structure
# { fakedomain: [ site, A, AAAA, MX, NS, Country, Created, Updated ] }
domain_dict = {}
domaininfo = []

def build_dict():
    sites = ['abc.com', 'nbc.com']
    for site in sites:
        proc = subprocess.Popen(["python dnstwist.py -g -c " + site + " --threads 1 | grep -v ,,,,,,,, | sed -e '1,1d' "],shell=True,stdout=subprocess.PIPE,universal_newlines=True)
        while True:
            line = proc.stdout.readline()
            domaininfo = line.split(',')
            if line != '':
                fakedomain = domaininfo[1]
                A = domaininfo[2]
                AAAA = domaininfo[3]
                MX = domaininfo[4]
                NS = domaininfo[5]
                country = domaininfo[6]
                created = domaininfo[7]
                updated = domaininfo[8]
                SSDEEP = domaininfo[9]
                try:
                    domain_dict = { fakedomain: [ site, A, AAAA, MX, NS, country, created, updated, epoch ] }
                    try:
                        cur.execute(insert_sql, (json.dumps(domain_dict)))
                        cur.commit()
                    except:
                        print('something broke with the SQL thing')
                except:
                    print('you hit an exception')
                    continue
            else:
                print('you hit the break')
                break
    cur.close()
    conn.close()

build_dict()
The database structure is as follows:
CREATE TABLE domains(
    fakedomain INT PRIMARY KEY AUTO_INCREMENT NOT NULL,
    origdomain TEXT NULL,
    a_record TEXT NULL,
    aaaa_record TEXT NULL,
    mx_record TEXT NULL,
    ns_record TEXT NULL,
    country TEXT NULL,
    created TEXT NULL,
    updated TEXT NULL,
    epoch INT(11) NULL);
Pulling the try/except out of the mix shows the following traceback:
Traceback (most recent call last):
File "./twistdb.py", line 60, in <module>
build_dict()
File "./twistdb.py", line 45, in build_dict
cur.execute(insert_sql, (json.dumps(domain_dict)))
File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 144, in execute
query = self.mogrify(query, args)
File "/usr/local/lib/python3.4/site-packages/pymysql/cursors.py", line 135, in mogrify
query = query % self._escape_args(args, conn)
TypeError: not enough arguments for format string
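Since you are using positional placeholders, pass the parameters as a list:
You should also think twice before wrapping code blocks in try/except with a bare except. At the very least, you are making it harder to debug and understand where the problem is and what it is. See also: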
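Added example (not part of the original answer): one way to apply the fix described above, assuming any DB-API connection whose driver uses `%s` placeholders, such as pymysql. The helper names `rows_from_dict`, `insert_domains` and `original_call_fails` are hypothetical, and the code assumes `fakedomain` is stored in a text column, since the schema as posted declares it `INT AUTO_INCREMENT`.

```python
import json

INSERT_SQL = (
    "INSERT INTO domains (fakedomain, origdomain, a_record, aaaa_record, "
    "mx_record, ns_record, country, created, updated, epoch) "
    "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"
)
N_PLACEHOLDERS = INSERT_SQL.count("%s")  # one value needed per placeholder

# Row from the page's sample output; the MX value is constructed to be hostile.
SAMPLE = {"abx.com": ["abc.com", "103.245.222.133", "", "mx'); DROP TABLE domains; --",
                      "ns-331.awsdns-41.com", "Australia", "", "", 1445889980]}


def rows_from_dict(domain_dict):
    """{fakedomain: [site, A, AAAA, MX, NS, country, created, updated, epoch]}
    -> list of tuples, one value per placeholder, in column order."""
    rows = []
    for fakedomain, fields in domain_dict.items():
        row = (fakedomain,) + tuple(fields)
        if len(row) != N_PLACEHOLDERS:
            raise ValueError("%r: got %d values, need %d" % (fakedomain, len(row), N_PLACEHOLDERS))
        rows.append(row)
    return rows


def insert_domains(conn, domain_dict):
    """Bind values through the driver; the SQL text itself never changes."""
    rows = rows_from_dict(domain_dict)
    cur = conn.cursor()
    try:
        cur.executemany(INSERT_SQL, rows)
        conn.commit()      # commit lives on the connection, not the cursor
    except Exception:
        conn.rollback()
        raise              # re-raise so the real error and traceback stay visible
    finally:
        cur.close()
    return len(rows)


def original_call_fails(domain_dict):
    """Reproduce the traceback: (json.dumps(d)) is one string, not a 10-tuple."""
    try:
        INSERT_SQL % (json.dumps(domain_dict))
    except TypeError as exc:
        return str(exc)
    return None
```

With pymysql, `insert_domains(pymysql.connect(...), SAMPLE)` stores the hostile MX string as plain column data, because it travels as a bound parameter and is never spliced into the statement text.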