MariaDB SQL Builder is a simple way to use Maria SQL. Use your own SQL or use the integrated Maria SQL Builder tool.
Project description
MariaDB SQL Builder
Security fix 1.1
If you are interested, the content is below
MariaDB license
This library uses MariaDB Connector/Python, which is released under the terms of the GPLv2 license. For more information, please see the license file in the repository.
Install
Install the package with pip
pip install mariadb-sqlbuilder
Installation with pip + GitHub
pip install git+https://github.com/princessmiku/MariaDB-SQLBuilder
Setup
import mariadb_sqlbuilder

connection = mariadb_sqlbuilder.Connector(
    host="HostIP/URL",
    user="User",
    password="Password",
    database="DatabaseToConnect"
)
Example Functions
Select
result = connection.table("myTable").select("name, age, email").where("age", 25).fetchall()
Insert
connection.table("myTable").insert().set("id", 10).set("age", 25).set("Name", "Helgo").execute()
Wiki
For all details and how to use the library:
Functions
Content of the fix
I have found a security problem. Variables should be given directly to the cursor instead of writing them to the SQL. This prevents SQL injections.
As a result of this change to SQL injection prevention, the function “get_sql()” now returns “?” at the positions where the variables used to be.
To get the variables back, there is now “values_for_execute”, which contains the variables in the correct order. The variables are returned with the type in which they are stored: string as string, integer as integer, datetime as datetime...
Example
conn.table().update().values_for_execute
conn.table().select().values_for_execute
The variables are used in the statements where I suspect the possibility of SQL injection.
- Setting variables
- WHERE clauses (conditions)
Setting keys or table names, for example, is normally not something a user should do, so they are written to SQL as normal.
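The difference between writing a value into the SQL text and handing it to the cursor, as an added example that is not the library's own code. It assumes sqlite3 as an offline stand-in (it accepts the same “?” placeholders), the function names are hypothetical, and the identifier allowlist goes beyond what the page describes.

```python
import re
import sqlite3

# Identifiers cannot be bound as parameters, so they stay in the SQL text.
# The allowlist check is an addition in this example, not part of the fix.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def ident(name):
    if not IDENT.fullmatch(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name

def select_unsafe(table, column, value):
    """Vulnerable pattern: the value becomes part of the SQL text."""
    return f"SELECT name FROM {ident(table)} WHERE {ident(column)} = '{value}'"

def select_safe(table, column, value):
    """Fixed pattern: '?' in the SQL text, values kept separately, in order."""
    sql = f"SELECT name FROM {ident(table)} WHERE {ident(column)} = ?"
    return sql, [value]  # the value keeps its Python type (str, int, ...)

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a@example.test"), ("bob", "b@example.test")],  # constructed rows
    )
    hostile = "x' OR '1'='1"  # constructed input that matches no real email

    # Interpolated: the quote closes the literal and the OR clause is parsed as SQL.
    unsafe_rows = db.execute(select_unsafe("users", "email", hostile)).fetchall()

    # Bound: the whole string is compared as data, so nothing matches.
    sql, values = select_safe("users", "email", hostile)
    safe_rows = db.execute(sql, values).fetchall()
    return unsafe_rows, sql, values, safe_rows

if __name__ == "__main__":
    for part in demo():
        print(part)
```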
I learned a lot while working on other projects. This has given me some knowledge about security. So I thought it was right to apply this to old projects as well.
Not completely used but
Translated with www.DeepL.com/Translator (free version)
Hashes for MariaDB_SQLBuilder-1.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 51347a4947016337ef3da78769f6f5653dd880d23f9121222ce8e942fa0656a0
MD5 | b4e05bc5e2ca92c43dce1a4b7f57c269
BLAKE2b-256 | d7381209f38bb9c4f320a31cdcb63e6834ddafb12591ebc319930ea8b3857210