MariaDB SQL Builder is a simple way to use Maria SQL. Use your own SQL or use the integrated Maria SQL Builder tool.
Project description
MariaDB SQL Builder
Security fix 1.1
If you are interested, the content is below
MariaDB license
This library uses MariaDB Connector/Python, which is released under the terms of the GPLv2 license. For more information, please see the license file in the repository.
Install
Install the package with pip
pip install mariadb-sqlbuilder
Installation with pip + github
pip install git+https://github.com/princessmiku/MariaDB-SQLBuilder
Setup
import mariadb_sqlbuilder
connection = mariadb_sqlbuilder.Connector(
host="HostIP/URL",
user="User",
password="Password",
database="DatabaseToConnect"
)
Example Functions
Select
result = connection.table("myTable").select("name, age, email").where("age", 25).fetchall()
Insert
connection.table("myTable").insert().set("id", 10).set("age", 25).set("Name", "Helgo").execute()
Wiki
For all Details and how to use
Functions
Content of the fix
I have found a security problem. Variables should be given directly to the cursor instead of writing them to the SQL. This prevents SQL injections.
By changing the avoidance of sql injection, the function “get_sql()” now returns “?” at the points where variables were before.
To get the variables back, there is now “values_for_execute”, which contains the variables in the correct order. The variables are returned in the type as they are stored. String as string, integer as integer, datetime as datetime...
Example
conn.table().update().values_for_execute
conn.table().select().values_for_execute
The variables are used in the statements where I suspect the possibility of SQL injection.
- Setting variables
- Where to query (conditions)
Setting keys or table names, for example, is normally not something a user should do, so they are written to SQL as normal.
I learned a lot while working on other projects. This has given me some knowledge about security. So I thought it was right to apply this to old projects as well.
Not completely used but
Translated with www.DeepL.com/Translator (free version)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file mariadb_sqlbuilder-1.1.1.tar.gz
.
File metadata
- Download URL: mariadb_sqlbuilder-1.1.1.tar.gz
- Upload date:
- Size: 25.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.9.19
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 99cdfd0ebeaa5e0e7ddf79cad51a75b96928ee23494830f3a76c34db63271522 |
|
MD5 | 59d0b9bb2fe5394e00ef2bcd9559bc44 |
|
BLAKE2b-256 | 4751764b69a9c4074bc52a910d2cb65e259968e1b18d005f1dd93506cd3e280f |
File details
Details for the file MariaDB_SQLBuilder-1.1.1-py3-none-any.whl
.
File metadata
- Download URL: MariaDB_SQLBuilder-1.1.1-py3-none-any.whl
- Upload date:
- Size: 35.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.9.19
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c19b01bc87264ef9ca749c7709852bb0f67871c56d7ffc151316231f242d95eb |
|
MD5 | 3104774da86f05216552c3e9679b587f |
|
BLAKE2b-256 | de34fc9ab21416a7b2e190485b3e1959a96ba6add5d7fb1d81f6507dcc1893e9 |